[cabfpub] RFC5280

Rich Smith richard.smith at comodo.com
Wed Feb 24 21:13:00 UTC 2016

I can't speak intelligently to points 2-4, but as for #1, I get cases 
all the time where the legal organization name exceeds 64 characters.  
In addition to Netherlands, which Jeremy has pointed out, I see a lot 
from Germany, and given the unique method in the German language of 
stringing together several existing words to form a new word, things can 
get very long very quickly and are next to impossible to sensibly 
abbreviate.  Jeremy has pointed out a very real problem here.  I'm not 
necessarily advocating that we break from 5280 on this, but I definitely 
think it is worth attempting to update with PKIX/IETF.

On 2/24/2016 2:01 PM, Jeremy Rowley wrote:
> Yes - I realize it is characters, not bytes.  There are lots of examples in
> Netherlands where the name is longer than 64 characters, especially if you
> include all the legal identifiers.
> Using SAN.dnsname only causes wonkiness in IE.
> -----Original Message-----
> From: Rob Stradling [mailto:rob.stradling at comodo.com]
> Sent: Wednesday, February 24, 2016 12:56 PM
> To: Jeremy Rowley; public at cabforum.org
> Subject: Re: [cabfpub] RFC5280
> On 24/02/16 18:56, Jeremy Rowley wrote:
> <snip>
>> 1)Org names, common names,  and address fields are limited to 64
>> characters. Very few international companies can comply with this
>> restriction.
> Hi Jeremy.  I'm puzzled as to why "international" would have anything to do
> with this.  Can you cite some examples of such international companies?
> You do realize that the limit is in characters, not bytes, right?
>> It's even worse if you are converting an IDN to a printable string.
> If an IDN doesn't fit in a Subject.commonName, then you can omit the
> Subject.commonName field from the cert.
> Use SAN.dNSName.
> --
> Rob Stradling
> Senior Research & Development Scientist
> COMODO - Creating Trust Online
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160224/d28e35fe/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4035 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160224/d28e35fe/attachment-0001.p7s>

More information about the Public mailing list