Re: X.509 certificate and its subject name field
All,
The PKIX #1 RelativeDistinguishedName syntax IS different than the RDN
syntax in the latest draft 1997 X.501 spec that is stored on bull.ftp.com.
The latest RDN definition is:
    RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
        AttributeTypeAndDistinguishedValue

    AttributeTypeAndDistinguishedValue ::= SEQUENCE {
        type                 ATTRIBUTE.&id ({SupportedAttributes}),
        value                ATTRIBUTE.&Type ({SupportedAttributes}{@type}),
        primaryDistinguished BOOLEAN DEFAULT TRUE,
        valuesWithContext    SET SIZE (1 .. MAX) OF SEQUENCE {
            distingAttrValue ATTRIBUTE.&Type ({SupportedAttributes}{@type}) OPTIONAL,
            contextList      SET SIZE (1 .. MAX) OF Context } OPTIONAL }
Please note that the AttributeTypeAndDistinguishedValue syntax is backwards
compatible with the 1988 AttributeValueAssertion syntax if the
primaryDistinguished is set to TRUE (i.e. DER states that default value is
not encoded) and valuesWithContext is set to absent. I am sure that this
was done intentionally so that current software could process the new syntax
(assuming the primaryDistinguished and valuesWithContext fields are not
present).
Please note that the draft 97 X.501 document really is "drafty" since the
RDN ASN.1 definition in the text doesn't match that in the ASN.1 module at
the end of the X.501 spec.
==============================================================
John Pawling (301) 953-3600
J.G. Van Dyke & Associates, Inc. (410) 880-6095
141 National Business Pkwy, Suite 210 FAX: (301) 953-2901
Annapolis Junction, MD 20701 jsp@jgvandyke.com
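
Added example, not part of the original message: a minimal Python check of the compatibility point above, showing that a DER-encoded AttributeTypeAndDistinguishedValue with primaryDistinguished at its default and valuesWithContext absent is byte-for-byte the 1988 two-element SEQUENCE. It assumes definite lengths and single-byte tags; the function names and the CN=Test sample bytes are constructed for illustration.

```python
# Constructed samples: CN=Test (OID 2.5.4.3, PrintableString), not from the post.
SAMPLE_1988 = bytes.fromhex("300b0603550403130454657374")            # type, value only
SAMPLE_PD_FALSE = bytes.fromhex("300e0603550403130454657374010100")  # + BOOLEAN FALSE
SAMPLE_PD_TRUE = bytes.fromhex("300e06035504031304546573740101ff")   # + BOOLEAN TRUE

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for one definite-length TLV."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed type into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def classify_atadv(der):
    """Return '1988-compatible' or 'has-1997-fields'; raise ValueError otherwise."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    items = children(body)
    if len(items) < 2 or items[0][0] != 0x06:
        raise ValueError("expected type OID followed by value")
    extra = items[2:]
    if not extra:
        return "1988-compatible"            # same bytes a 1988 parser expects
    if extra[0][0] == 0x01:                 # primaryDistinguished BOOLEAN
        if extra[0][1] != b"\x00":          # TRUE is the DEFAULT, so DER omits it
            raise ValueError("primaryDistinguished TRUE encoded explicitly")
        extra = extra[1:]
    if extra and extra[0][0] == 0x31:       # valuesWithContext SET OF
        extra = extra[1:]
    if extra:
        raise ValueError("unexpected trailing element")
    return "has-1997-fields"                # a 1988-only parser would not expect these
```
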