reference 9525, say subjectDN for EE should be null, close #35

thomas-fossati · Sep 2, 2024 · 393671e · 393671e
1 parent d7e5ab7
commit 393671e
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/draft-ietf-uta-tls13-iot-profile.md b/draft-ietf-uta-tls13-iot-profile.md
@@ -489,8 +489,9 @@ field." RFC 5280 adds "If the subject is a CA then the subject field MUST be
 populated with a non-empty distinguished name matching the contents of the
 issuer field in all certificates issued by the subject CA."
 
-The Subject field MUST be present and MUST contain the commonName, the organizationName,
-and the countryName attribute and MAY contain an organizationalUnitName attribute.
+However, {{RFC9525, Section 2.9}} now recommends that the SubjectDN be empty (null) for all End Entity certificates.
+
+Root CA and Subordinate CAs must have a non-null SubjectDN as that value must match the IssuerDN of subordinate certificates.
 
 ### Authority Key Identifier