[cabfpub] Clarification on BR 7.1.4.2.2 (commonName) and IDNs
Peter Bowen
pzb at amzn.com
Tue Jan 26 17:04:43 UTC 2016
In the BRs, for commonName, it says "If present, this field MUST contain a single IP address or Fully‐Qualified Domain Name that is one of the values contained in the Certificate’s subjectAltName extension.”
RFC 5280 requires the SAN and domainComponent DN attribute to contain the punycode (e.g. xn—) form of Internationalized Domain Names. However it is silent on commonName.
Is it allowable to have the commonName contain the Unicode string for IDNs in the SAN or must it only include the punycode form from the SAN?
Thanks,
Peter
More information about the Public
mailing list