Skip to content

Commit

Permalink
fix certificate subject criteria
Browse files Browse the repository at this point in the history 
Co-authored-by: Hannes Tschofenig <[email protected]>
  • Loading branch information
@mcr @hannestschofenig
mcr and hannestschofenig authored Sep 2, 2024
1 parent 316a48c commit 258dee8
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion draft-ietf-uta-tls13-iot-profile.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -491,7 +491,7 @@ issuer field in all certificates issued by the subject CA."

However, as {{!RFC9525, Section 2}} mandates that the subjectDN not be be used to identify a service, for IoT purposes, an empty SubjectDN avoids all confusion for End Entity certificates.

Root CA and Subordinate CAs must have a non-null SubjectDN as that value must match the IssuerDN of subordinate certificates.
Root CA certificates and Subordinate CA certificates MUST have a non-empty SubjectDN, as the value MUST match the DN of the Issuer.

### Authority Key Identifier

Expand Down

0 comments on commit 258dee8

Please sign in to comment.