[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bouncycastle-crypto-dev
Subject:    Re: [dev-crypto] sun.security.x509.X500Name vs org.bouncycastle.asn1.x509.X509Name
From:       Michael_Ströder <michael () stroeder ! com>
Date:       2002-10-22 10:36:30
[Download RAW message or body]

Tomas Gustavsson wrote:
> 
>> I vote for applying the standard order C, ST, L, O, OU, CN from X.521 
>> if the application does not provide an ordering when calling the 
>> X509Name constructor.
> 
> I vote for that as well. But I have been looking and it is not so easy 
> to find a standardized order including all present attributes, DC etc.
> Is there an order defined for all "C,DC,ST,L,O,OU,T,SN,CN"?

Note that in theory the distinguished names specify a node in a DIT 
(directory information tree). The only standard is X.521 (annex B?) with 
top-down order C, ST, L, O, OU, CN. This is what most PKI-enabled software 
expects.

Ciao, Michael.


[prev in list] [next in list] [prev in thread] [next in thread]