[cabfpub] RFC5280
Rich Smith
richard.smith at comodo.com
Wed Feb 24 21:13:00 UTC 2016
I can't speak intelligently to points 2-4, but as for #1, I get cases
all the time where the legal organization name exceeds 64 characters.
In addition to the Netherlands, which Jeremy has pointed out, I see a lot
from Germany, and given the unique method in the German language of
stringing together several existing words to form a new word, things can
get very long very quickly and are next to impossible to sensibly
abbreviate. Jeremy has pointed out a very real problem here. I'm not
necessarily advocating that we break from 5280 on this, but I definitely
think it is worth attempting to update with PKIX/IETF.
-Rich
On 2/24/2016 2:01 PM, Jeremy Rowley wrote:
> Yes - I realize it is characters, not bytes. There are lots of examples in
> the Netherlands where the name is longer than 64 characters, especially if you
> include all the legal identifiers.
>
> Using SAN.dnsname only causes wonkiness in IE.
>
> -----Original Message-----
> From: Rob Stradling [mailto:rob.stradling at comodo.com]
> Sent: Wednesday, February 24, 2016 12:56 PM
> To: Jeremy Rowley; public at cabforum.org
> Subject: Re: [cabfpub] RFC5280
>
> On 24/02/16 18:56, Jeremy Rowley wrote:
> <snip>
>> 1) Org names, common names, and address fields are limited to 64
>> characters. Very few international companies can comply with this
>> restriction.
> Hi Jeremy. I'm puzzled as to why "international" would have anything to do
> with this. Can you cite some examples of such international companies?
>
> You do realize that the limit is in characters, not bytes, right?
>
>> It's even worse if you are converting an IDN to a printable string.
> If an IDN doesn't fit in a Subject.commonName, then you can omit the
> Subject.commonName field from the cert.
>
> Use SAN.dNSName.
>
> --
> Rob Stradling
> Senior Research & Development Scientist
> COMODO - Creating Trust Online
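An added example, not part of the original thread: a Python sketch of the two checks discussed above, measuring the 64-character bound in characters rather than bytes, and omitting Subject.commonName in favour of SAN.dNSName when an IDN's ASCII form does not fit. The function names, the sample names and the choice to put the ASCII (xn--) form in commonName are assumptions made for illustration.

```python
# Added illustration; all sample names below are constructed.
UB_NAME = 64  # ub-common-name / ub-organization-name in RFC 5280, in characters

# Constructed German-style compound organisation name (one non-ASCII letter).
ORG_SAMPLE = ("Donaudampfschifffahrtselektrizitätenhauptbetriebswerk"
              "bauunterbeamtengesellschaft mbH")
# Constructed IDN whose ASCII form is longer than 64 characters.
LONG_HOST = ("rechtsschutzversicherungsgesellschaften."
             "münchner-versicherungsmakler.example")


def measure(value):
    """Return (characters, UTF-8 bytes, fits) for a subject attribute value."""
    chars = len(value)  # len() of a Python str counts code points, not bytes
    return chars, len(value.encode("utf-8")), chars <= UB_NAME


def to_a_label(hostname):
    """ASCII (xn--) form of an IDN via the stdlib codec (IDNA 2003 rules)."""
    return hostname.encode("idna").decode("ascii")


def plan_names(hostname):
    """Place a host name: commonName only if it fits, dNSName always."""
    ascii_name = to_a_label(hostname)
    cn = ascii_name if len(ascii_name) <= UB_NAME else None
    return {"commonName": cn, "dNSName": [ascii_name]}


if __name__ == "__main__":
    # 64 non-ASCII characters fit the bound even though they take 128 bytes.
    for label, value in [("64 x O-umlaut", "Ö" * 64), ("org sample", ORG_SAMPLE)]:
        chars, octets, fits = measure(value)
        print(f"{label}: {chars} chars, {octets} bytes, fits={fits}")
    for host in ("bücher.example", LONG_HOST):
        print(host, "->", plan_names(host))
```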