[Freeipa-devel] [freeipa PR#228][comment] cert-request: allow directoryName in SAN extension
tomaskrizek
freeipa-github-notification at redhat.com
Mon Nov 28 16:02:46 UTC 2016
URL: https://github.com/freeipa/freeipa/pull/228
Title: #228: cert-request: allow directoryName in SAN extension
tomaskrizek commented:
"""
As I have understood from the mailing list discussion, we have two options:
1. We use this patch as is. That means Subject Alternative Name (SAN) DN always has to be the same as the Subject DN. Is there any use case for this? To me this seems like a duplicate info. Isn't the purpose of SAN to provide an *alternative* name?
2. We extend the validation to allow any existing principal. Are there any use cases for this?
Perhaps I'm missing something, but the first option doesn't seem very useful and I don't know if the second one is a valid and needed use case.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/228#issuecomment-263310866
More information about the Freeipa-devel
mailing list