Steve, I think I am not clearly understanding your response because
I am still somewhat confused but the "Yup" seems to reaffirm my
prevalent understanding.
Yup, an RDN is a *set* of AVAs. There can be only one occurrence of
an attribute in this set, so an RDN is a (partial) function from
attributes to their corresponding ranges. A DN is a sequence of RDNs.
Let me phrase my confusion concretely by asking the following:
Is the following RDN valid?
SET OF
SEQUENCE OF
type=organizational unit
value=Division A
SEQUENCE OF
type=organizational unit
value=Testing CA Only
I believe this is valid and is why a set is used... to permit for
multiple values per type.
How about the following?
SET OF
SEQUENCE OF
type=country
value=Zimbawe
SEQUENCE OF
type=state/province
value=Zimmy State
I believe this is not valid although I cannot find any actual
text which says so. This is the kind of thing that COST does.
Instead, this s/b done with two RDNs, which is certainly valid,
but is there anything that rules out the single RDN approach???
It seems wrong although I can't point to "Section X in Document Y."
-Ray