The verification process of the tverify page is too simple.

It assumes that the CommonName attribute (CN) of a Thawte certificate is built like this: Firstname [space] Lastname

While this will work in simple cases like:
John Smith

It will not work for people with multiple first names and/or last names that consist of several words.

Just look at this real-life (changed the names to protect the innocent) case, as taken from Firefox:
E = name@domain.eu
CN = James Martin Luther van de Poort
Objectidentificatie (2 5 4 42 ) = James Martin Luther
Objectidentificatie (2 5 4 4 ) = van de Poort
In IE the last two are called G and SN (most likely meaning GivenName and SurName).

The code to verify the full name, however, is flawed IMHO. It assumes (assumptions are always deadly) that the first space is the separation between first and last name. I understand why this is done: you want to be able to look up the data in the database, and that depends on the setup of the database tables.

An easy fix seems to be not to use the CN value of the certificate, but the other two object types, called G and SN (= surname). At least the SN part is X.500 compliant and should be present in each certificate issued by Thawte. The G is the given name, I think, so that should match what you enter as the first name. So without splitting the CN (Common Name) into two objects, you should be able to improve the code so that it matches when you have entered the name the same way in CAcert and Thawte.

The next thing to address should be the assumption about middle names and the use cases where the order of names is different (for whatever reason).

Also, it would be great to have a little more error information for the user trying this: displaying the first name, last name, common name and e-mail found in the certificate, and whether there is a matching account in the database. That would be great info when they come to the support mailing list.

I have posted my findings on the support list as well; just look in the archives.
BTW: the middle name convention as used in CAcert is NOT used in the Thawte system at all!
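
The following is an added example, not code from tverify or from the original report. It contrasts the first-space split of the CN with a match on the G (2.5.4.42) and SN (2.5.4.4) attributes, and returns the diagnostic fields asked for above. The function names, the report keys and the account's first/last name parameters are assumptions, and the subject is constructed from the certificate quoted on this page.

```python
OID_CN, OID_SN, OID_G = "2.5.4.3", "2.5.4.4", "2.5.4.42"
OID_EMAIL = "1.2.840.113549.1.9.1"

# Constructed subject, mirroring the certificate quoted on this page.
SAMPLE_SUBJECT = [
    (OID_EMAIL, "name@domain.eu"),
    (OID_CN, "James Martin Luther van de Poort"),
    (OID_G, "James Martin Luther"),
    (OID_SN, "van de Poort"),
]

def norm(value):
    """Collapse whitespace and case-fold so cosmetic differences do not matter."""
    return " ".join(value.split()).casefold()

def only(subject, oid):
    """Return the attribute value if it occurs exactly once, otherwise None."""
    values = [v for o, v in subject if o == oid]
    return values[0] if len(values) == 1 else None

def split_cn_on_first_space(subject):
    """The flawed approach: everything after the first space is the last name."""
    first, _, last = (only(subject, OID_CN) or "").partition(" ")
    return first, last

def verify(subject, account_first, account_last):
    """Match G and SN against the account; return a report the user can be shown."""
    given, surname = only(subject, OID_G), only(subject, OID_SN)
    report = {
        "commonname": only(subject, OID_CN),
        "email": only(subject, OID_EMAIL),
        "firstname": given,
        "lastname": surname,
        "match": False,
    }
    if given is None or surname is None:
        # Hypothetical policy: refuse rather than guess from the CN.
        report["reason"] = "certificate lacks a single G or SN attribute"
    elif (norm(given), norm(surname)) != (norm(account_first), norm(account_last)):
        report["reason"] = "G/SN differ from the account's first/last name"
    else:
        report["match"] = True
        report["reason"] = "G and SN equal the account's first/last name"
    return report

if __name__ == "__main__":
    print(split_cn_on_first_space(SAMPLE_SUBJECT))
    print(verify(SAMPLE_SUBJECT, "James Martin Luther", "van de Poort"))
```

Middle names and a different name order are not handled here; a certificate without exactly one G and one SN is rejected instead of falling back to the CN.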

ContentReviewTeam/case0019 (last edited 2008-05-22 22:16:55 by anonymous)