> Could not find a definitive answer on Google, so thought it would be
> best to ask the experts :)

It's probably been discussed on the PKIX mailing list at some point (http://mailarchive.ietf.org/arch/search/?email_list=pkix).

Keys don't use them. Certificates can use them based on the ASN.1 type. However, I work on a C++ project, and the CA removed the CN we requested. I'm guessing it was because of the "++" in the common name (friendly name displayed to the user), which may have wreaked havoc on some scripts. I've been waiting to see a BlackHat talk on it.

Jeff