[cabfpub] RFC5280

Stephen Davidson S.Davidson at quovadisglobal.com
Wed Feb 24 19:59:10 UTC 2016

Long names:


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Rob Stradling
Sent: Wednesday, February 24, 2016 3:57 PM
To: Jeremy Rowley <jeremy.rowley at digicert.com>; public at cabforum.org
Subject: Re: [cabfpub] RFC5280

On 24/02/16 18:56, Jeremy Rowley wrote:
> 1)Org names, common names,  and address fields are limited to 64 
> characters. Very few international companies can comply with this 
> restriction.

Hi Jeremy.  I'm puzzled as to why "international" would have anything to do
with this.  Can you cite some examples of such international companies?

You do realize that the limit is in characters, not bytes, right?

> It's even worse if you are converting an IDN to a printable string.

If an IDN doesn't fit in a Subject.commonName, then you can omit the
Subject.commonName field from the cert.

Use SAN.dNSName.

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Public mailing list
Public at cabforum.org

More information about the Public mailing list