[cabfpub] RFC5280

Jeremy Rowley jeremy.rowley at digicert.com
Wed Feb 24 20:01:33 UTC 2016


Yes - I realize it is characters, not bytes.  There are lots of examples in
the Netherlands where the name is longer than 64 characters, especially if you
include all the legal identifiers.

Using SAN.dnsname only causes wonkiness in IE.

-----Original Message-----
From: Rob Stradling [mailto:rob.stradling at comodo.com] 
Sent: Wednesday, February 24, 2016 12:56 PM
To: Jeremy Rowley; public at cabforum.org
Subject: Re: [cabfpub] RFC5280

On 24/02/16 18:56, Jeremy Rowley wrote:
<snip>
> 1) Org names, common names, and address fields are limited to 64
> characters. Very few international companies can comply with this 
> restriction.

Hi Jeremy.  I'm puzzled as to why "international" would have anything to do
with this.  Can you cite some examples of such international companies?

You do realize that the limit is in characters, not bytes, right?

> It's even worse if you are converting an IDN to a printable string.

If an IDN doesn't fit in a Subject.commonName, then you can omit the
Subject.commonName field from the cert.

Use SAN.dNSName.

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
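
Added example, not part of either message: a pre-issuance check of subject attribute lengths against the RFC 5280 Appendix A upper bounds, counted in characters rather than bytes, plus the A-label form of an IDN. The sample names are constructed, the function names are hypothetical, and Python's built-in `idna` codec (IDNA 2003) stands in for whatever conversion a CA actually uses.

```python
# RFC 5280 Appendix A upper bounds. They count characters, not encoded bytes.
UPPER_BOUNDS = {
    "commonName": 64,              # ub-common-name
    "organizationName": 64,        # ub-organization-name
    "organizationalUnitName": 64,  # ub-organizational-unit-name
    "localityName": 128,           # ub-locality-name
    "stateOrProvinceName": 128,    # ub-state-name
}


def check_subject(subject):
    """Return (attr, chars, utf8_bytes, limit) for each attribute over its bound."""
    findings = []
    for attr, value in subject.items():
        limit = UPPER_BOUNDS.get(attr)
        if limit is None:
            continue  # attribute not covered by this table
        chars = len(value)  # Python str length is in Unicode code points
        if chars > limit:
            findings.append((attr, chars, len(value.encode("utf-8")), limit))
    return findings


def idn_a_label(name):
    """Convert an IDN to its ASCII (xn--) form, as carried in SAN dNSName."""
    return name.encode("idna").decode("ascii")


if __name__ == "__main__":
    # Constructed sample values, not real certificate subjects.
    within = "Müller " * 9          # 63 characters, 72 UTF-8 bytes
    too_long = "Example Holding " * 5  # 80 characters
    print(len(within), len(within.encode("utf-8")))
    print(check_subject({"organizationName": within}))
    print(check_subject({"organizationName": too_long}))
    idn = "bücher.example"
    print(idn, len(idn), "->", idn_a_label(idn), len(idn_a_label(idn)))
```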