
Re: X.509 certificate and its subject name field



> Well, in Peter Gutmann's excellent X.509 Style Guide, he specifically says
> multi-value RDNs should *not* be used, citing LDAP support and encoding
> issues as reasons. However, at the end of the section he does say
> "Everything will probably break when you move to LDAP anyway."
 
Could you tell me where this style guide is located?

To clear up possible confusion,

 - LDAP supports multi-valued RDNs,

 - LDAP does not enforce any additional restrictions on name structures: X.500
   Distinguished Names are used,

 - LDAPv3 supports the X.509v3 certificate and CRL data formats, and it is
   also possible to use the LDAPv3 mechanism to transfer X.509v3 certificates
   between several existing LDAPv2 implementations,
   
 - LDAPv3 supports the X.509(97) attribute types, 

 - LDAPv3 allows the transfer of RDN values in their DER format, if this is 
   needed to ensure tags of DirectoryString values are maintained, and

 - There are already implementations which use LDAP for the storage and 
   retrieval by PKI components of X.509v3 certificates and revocation lists
   in an X.500-based directory service.

Thanks,

Mark Wahl, Enterprise Directory Integration
Critical Angle Inc.
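The multi-valued RDN and DER-preserved value forms from the list above, as an added example that is not part of the original message: it DER-encodes an X.509 Name whose last RDN holds two attribute values and renders it as an LDAP string both plainly and in the "#hex" form that keeps the DirectoryString tag. The attribute OIDs and ASN.1 tag numbers are real; the sample subject is constructed.

```python
# Added example, not from the original thread: DER-encode an X.509 Name that
# carries a multi-valued RDN and render it as an LDAP string, both in the
# plain form and with each value kept as DER ("#hex") so its string tag survives.
from typing import List, Tuple

# Real X.520 attribute-type OIDs; the ASN.1 tag numbers below are from X.690.
OIDS = {"CN": "2.5.4.3", "serialNumber": "2.5.4.5", "O": "2.5.4.10", "C": "2.5.4.6"}
OID, UTF8STRING, PRINTABLESTRING, SEQUENCE, SET = 0x06, 0x0C, 0x13, 0x30, 0x31

def der_len(n: int) -> bytes:  # short form below 128, long form above
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body

def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:  # base-128 with continuation bits
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(OID, bytes(out))

# One RDN = list of (type, string tag, value); more than one entry = multi-valued RDN.
RDN = List[Tuple[str, int, str]]

def encode_rdn(rdn: RDN) -> bytes:
    atvs = [tlv(SEQUENCE, encode_oid(OIDS[t]) + tlv(tag, v.encode("utf-8"))) for t, tag, v in rdn]
    return tlv(SET, b"".join(sorted(atvs)))  # DER: SET OF members in sorted byte order

def encode_name(rdns: List[RDN]) -> bytes:  # rdns in X.500 order, root first
    return tlv(SEQUENCE, b"".join(encode_rdn(r) for r in rdns))

def escape(value: str) -> str:  # RFC 2253 string form; an unescaped '+' would split the RDN
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    return "\\" + out if out[:1] in ("#", " ") else out

def ldap_string(rdns: List[RDN], keep_der: bool = False) -> str:
    parts = []
    for rdn in reversed(rdns):  # LDAP order: most specific RDN first
        avas = [f"{t}=#{tlv(tag, v.encode('utf-8')).hex()}" if keep_der else f"{t}={escape(v)}"
                for t, tag, v in rdn]
        parts.append("+".join(avas))
    return ",".join(parts)

# Constructed sample: a subject whose last RDN holds two attribute values.
SAMPLE: List[RDN] = [[("C", PRINTABLESTRING, "US")], [("O", UTF8STRING, "Example Corp")],
                     [("CN", UTF8STRING, "Jane Doe"), ("serialNumber", PRINTABLESTRING, "42")]]
```

The plain string form drops the distinction between the UTF8String and PrintableString values; only the "#hex" form, as the message notes for LDAPv3, carries the original tags across.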