cp-cps icon indicating copy to clipboard operation
cp-cps copied to clipboard
verified publisher icon letsencrypt

Reword section 7.1 subscriber certificate profile describing CN omission

Open dextercd opened this issue 1 month ago • 0 comments

In section 7.1 the allowed contents of the DN of several certificate profiles are documented.

For example, for the root CA certificate it says the following:

C=US, O=Internet Security Research Group or O=ISRG, and a meaningful CN

Here C=US means that the C/countryName field has the text value US.

For the subscriber certificate it says the following:

CN=none, or one of the values from the Subject Alternative Name extension

Here CN=none is not used to mean that the CN/commonName field contains the text value none, rather it's trying to communicate that the field may be entirely omitted.

I think it would be an improvement to reword this to not use the field=value format, but instead something like:

CN may be omitted or contains one of the values from the Subject Alternative Name extension

dextercd avatar Jan 06 '26 22:01 dextercd