Re: Microsoft and multi-valued RDNs
Ah but it is on the directory side of things when we create the directory
entry the 0.9.2342.19200300.100.1.1 = D01E473E000000F58FE3DDDC00000709 is a
multi name attribute. I can either search for Russel F Weiser and get
multiple entries for Russel F Weiser. Or if I formulate the LDAP search as
0.9.2342.19200300.100.1.1 = D01E473E000000F58FE3DDDC00000709+CN = Russel F Weiser
I will get that exact entry only.
I am just trying to understand what the discussion was about.
Several years ago when I was looking at all this I tried to get CAs to
create DNs that were Multivalued RDNs but none of the CAs would do this. So
I just made the directory do it when we published the certificate into the
directory.
This allowed me to perform name uniqueness without searching the directory
prior to signing a certificate.
cheers
RFW
----- Original Message -----
From: "Michael Ströder" <michael@xxxxxxxxxxxx>
To: <RWEISER@xxxxxxxxxxxx>
Cc: <ietf-pkix@xxxxxxx>
Sent: Thursday, July 24, 2003 10:56 AM
Subject: Re: Microsoft and multi-valued RDNs
>
> RWEISER@xxxxxxxxxxxx wrote:
> > DST has been using a multivalued RDN in EndEntity certificates for a number
> > of PKIs and since 1999 when we started issuing certificates. We only do
> > this for End Entities not servers. Basically the certificate SubDN looks
> > like the following.
> >
> > 0.9.2342.19200300.100.1.1 = D01E473E000000F58FE3DDDC00000709,E =
> > rweiser@xxxxxxxxxxxx, CN = Russel F Weiser,O = TrustID personal
> > certificate,C = US
>
> Maybe I'm missing something but this is not a multi-valued RDN.
>
> An example in RFC2253 string notation would be:
>
> cn=Michael Stroeder+serialNumber=12345, ...
>
> Note the '+'.
>
> Ciao, Michael.
>
>
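Added example, not part of either message in this thread: a small Python splitter for RFC 2253 string DNs that makes the distinction under discussion concrete, since `,` separates RDNs while `+` joins several attribute values inside one RDN. The function names are hypothetical, the inputs are the strings quoted above, and escape sequences are left undecoded.

```python
# Added example: split an RFC 2253 DN string into RDNs and their AVAs.
# Values are returned raw (escapes not decoded); whitespace around
# separators is trimmed, so an escaped trailing space is not preserved.

def _split(s, sep):
    """Split s on sep, ignoring escaped (\\x) and double-quoted occurrences."""
    parts, buf, quoted, i = [], [], False, 0
    while i < len(s):
        ch = s[i]
        if ch == "\\" and i + 1 < len(s):
            buf.append(s[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts

def parse_dn(dn):
    """Return a list of RDNs; each RDN is a list of (type, value) pairs."""
    rdns = []
    for rdn in _split(dn, ","):
        avas = []
        for ava in _split(rdn, "+"):
            typ, eq, val = ava.partition("=")
            if not eq:
                raise ValueError("missing '=' in %r" % ava)
            avas.append((typ.strip(), val.strip()))
        rdns.append(avas)
    return rdns

def multi_valued(dn):
    """Return only the RDNs that carry more than one attribute value."""
    return [rdn for rdn in parse_dn(dn) if len(rdn) > 1]

# Strings as quoted in the thread (addresses are redacted in the archive).
CERT_SUBJECT = ("0.9.2342.19200300.100.1.1 = D01E473E000000F58FE3DDDC00000709,"
                "E = rweiser@xxxxxxxxxxxx, CN = Russel F Weiser,"
                "O = TrustID personal certificate,C = US")
DIRECTORY_RDN = ("0.9.2342.19200300.100.1.1 = D01E473E000000F58FE3DDDC00000709"
                 "+CN = Russel F Weiser")
```

Run over the two strings, the certificate subject yields five single-valued RDNs, while the directory form yields one RDN holding both the UID and CN values.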