
Re: X.509 certificate and its subject name field



>>Well, in Peter Gutmann's excellent X.509 Style Guide, he specifically says
>>multi-value RDNs should *not* be used, citing LDAP support and encoding
>>issues as reasons. However, at the end of the section he does say
>>"Everything will probably break when you move to LDAP anyway."
>
>Could you tell me where this style guide is located?
 
It's at http://www.cs.auckland.ac.nz/~pgut001/x509guide.html.
 
>To clear up possible confusion,
>
>[LDAPv3 features]
 
When I wrote the style guide I read through all the LDAP-related RFCs and the
documentation for LDAP software I could get my hands on (as well as sundry
standards, drafts, guidelines, interoperability specs, etc.), and tried to
take into account the various "Use of this feature will result in the
immediate demise of all small furry animals in an eight-block radius"-type
warnings contained therein to find a lowest-common-denominator set of rules
which should result in the least pain for all concerned if they're adhered
to.  The result is in the guide.  The idea behind the guide is to present a
"If you do this, you should be OK" set of guidelines, rather than a "You're
theoretically allowed to do this if you can find an implementation which
supports it" feature list.  I keep updating the guide as new things come to
light (at the moment I've got to add bits on character set encoding issues and
the ongoing debate over errors in PKCS #10).  If there's a significant reason
to change the text about DN-related issues (that is, if the majority of
software being fielded now supports more than what's described in the guide,
and if someone using these extra features still stands a good chance of being
able to talk to other real, deployed implementations) then I'll be happy to
make the changes.
 
Peter.
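[Editor's note: the following worked example is added here and is not part of
the message above, of the X.509 Style Guide, or of any software mentioned in
the thread.  It illustrates the multi-valued RDN question the thread raises:
an X.509 Name is a SEQUENCE OF RelativeDistinguishedName, and each RDN is a
SET OF AttributeTypeAndValue, so "multi-valued RDN" means one SET holding two
or more attributes, whereas the guide's advice puts each attribute in its own
SET.  The small DER encoder/decoder below shows both encodings, the DER rule
that the elements of a SET OF are emitted sorted by their encoded bytes (so
the order you hand a multi-valued RDN in is not the order on the wire, which
is one of the encoding pitfalls), the RFC 4514 LDAP string form in which a
multi-valued RDN appears with "+", and a check that flags multi-valued RDNs
in a decoded name.  The attribute OIDs are the standard X.520 ones; the name
values, the "NAME_MULTI"/"NAME_SINGLE" samples and all function names are
constructed for this example.]

```python
# Added example (not from the post or the X.509 Style Guide): minimal DER
# encoder/decoder for an X.509 Name, showing multi-valued vs single-valued
# RDNs, DER SET OF ordering, and the RFC 4514 string form.  OIDs are the
# standard X.520 attribute types; sample names below are constructed.

OID_CN, OID_O, OID_OU, OID_C = "2.5.4.3", "2.5.4.10", "2.5.4.11", "2.5.4.6"
OID_SHORT = {OID_CN: "CN", OID_O: "O", OID_OU: "OU", OID_C: "C"}

# Constructed sample names: a list of RDNs, each RDN a list of (oid, value).
# (a) CN and OU packed together into one multi-valued RDN
NAME_MULTI = [[(OID_C, "NZ")], [(OID_O, "Example Ltd")],
              [(OID_CN, "Alice"), (OID_OU, "Sales")]]
# (b) the same attributes as four single-valued RDNs (the guide's advice)
NAME_SINGLE = [[(OID_C, "NZ")], [(OID_O, "Example Ltd")],
               [(OID_OU, "Sales")], [(OID_CN, "Alice")]]


def _der_len(n):
    """DER definite length: one byte below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def _tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def encode_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs share a byte, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return _tlv(0x06, bytes(out))


def encode_atv(oid, value):
    """AttributeTypeAndValue ::= SEQUENCE { type OID, value DirectoryString }.
    countryName must be PrintableString (0x13); UTF8String (0x0C) otherwise."""
    string_tag = 0x13 if oid == OID_C else 0x0C
    return _tlv(0x30, encode_oid(oid) + _tlv(string_tag, value.encode("utf-8")))


def encode_rdn(atvs):
    """RelativeDistinguishedName ::= SET OF AttributeTypeAndValue.  DER sorts
    the members of a SET OF by their encodings, so the supplied order of a
    multi-valued RDN is not necessarily the order on the wire."""
    return _tlv(0x31, b"".join(sorted(encode_atv(o, v) for o, v in atvs)))


def encode_name(rdns):
    """Name ::= SEQUENCE OF RelativeDistinguishedName, root RDN first."""
    return _tlv(0x30, b"".join(encode_rdn(rdn) for rdn in rdns))


def _read_tlv(buf, pos):
    """Return (tag, body, position just after this element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(str(a) for a in arcs)


def decode_name(der):
    """Parse a DER Name into [[(oid, value), ...], ...] in wire order."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    rdns, pos = [], 0
    while pos < len(body):
        tag, rdn_body, pos = _read_tlv(body, pos)
        if tag != 0x31:
            raise ValueError("RDN must be a SET")
        atvs, p = [], 0
        while p < len(rdn_body):
            _, atv_body, p = _read_tlv(rdn_body, p)
            _, oid_body, q = _read_tlv(atv_body, 0)
            _, val_body, _ = _read_tlv(atv_body, q)
            atvs.append((decode_oid(oid_body), val_body.decode("utf-8")))
        rdns.append(atvs)
    return rdns


def to_rfc4514(rdns):
    """LDAP string form: most specific RDN first, ',' between RDNs, '+' between
    the attributes of one multi-valued RDN, special characters backslash-escaped."""
    def esc(s):
        return "".join("\\" + c if c in ',+"\\<>;' else c for c in s)
    return ",".join("+".join(f"{OID_SHORT.get(o, o)}={esc(v)}" for o, v in rdn)
                    for rdn in reversed(rdns))


def multivalued_rdns(rdns):
    """The check the guide's advice implies: every RDN holding more than one AVA."""
    return [rdn for rdn in rdns if len(rdn) > 1]


if __name__ == "__main__":
    for label, name in (("multi-valued", NAME_MULTI), ("single-valued", NAME_SINGLE)):
        decoded = decode_name(encode_name(name))
        print(f"{label}: {to_rfc4514(decoded)} "
              f"({len(multivalued_rdns(decoded))} multi-valued RDN(s))")
```

Running the script prints "CN=Alice+OU=Sales,O=Example Ltd,C=NZ" for the
multi-valued form and "CN=Alice,OU=Sales,O=Example Ltd,C=NZ" for the
single-valued one.  Note that encode_rdn yields the same bytes whether the
multi-valued RDN is supplied as (CN, OU) or (OU, CN): that is the DER SET OF
ordering rule at work, and an implementation that compares names by the order
it was given rather than by the canonical encoding is exactly the kind of
thing that breaks when multi-valued RDNs meet real deployed software.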