[Smcwg-public] email address in CommonName

Inigo Barreira Inigo.Barreira at sectigo.com
Tue Mar 22 17:12:46 UTC 2022



Reviewing the profiles, we realized that the encoding and upper bounds
according to RFC5280 could create some issues when including the email in
the CN.



EmailAddress is IA5String to permit inclusion of the character '@'.

The attribute value for emailAddress is of type IA5String to permit
inclusion of the character '@', which is not part
of the PrintableString character set.


CN is DirectoryString (UTF8String or PrintableString) 

common name, employ the DirectoryString type, which supports
internationalized names through a variety of language encodings.  
Conforming implementations MUST support UTF8String and PrintableString


Upper bounds

ub-common-name INTEGER ::= 64

ub-emailaddress-length INTEGER ::= 255 


If we support emailaddress in CN, then there could be a potential truncation
if the length is beyond 64 characters. Or are we not allowing the email
address to be entered if it's above this value? Up to the CAs to decide?


Even though CN is an optional field in the Subject for all types (MV, OV, SV
and IV), in all of them the use of the email address is allowed. Furthermore,
in MV it is the only option. Maybe a clarification is needed in section a.






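The check below is an added example, not part of the original message or of any CA's code: it applies the two RFC 5280 upper bounds and string types quoted above to an email address that is about to be copied into the subject CN. The function names and the sample addresses are constructed for illustration, and rejecting (rather than truncating) an over-length value is an assumption of this example, since the message leaves that choice open.

```python
import string

# Upper bounds quoted in the message (RFC 5280, Appendix A).
UB_COMMON_NAME = 64
UB_EMAILADDRESS_LENGTH = 255

# PrintableString alphabet; note that '@' is absent.
PRINTABLE = set(string.ascii_letters + string.digits + " '()+,-./:=?")


def cn_string_type(value):
    """DirectoryString choice a CN value needs (of the two types RFC 5280 requires)."""
    return "PrintableString" if set(value) <= PRINTABLE else "UTF8String"


def check_email_in_cn(email):
    """Return (ok, cn_type, findings) for copying `email` into the subject CN.

    Assumption of this example: an over-length address is rejected, never
    truncated, because a truncated CN no longer matches the mailbox address.
    """
    findings = []
    if not email.isascii():
        findings.append("not representable as IA5String in emailAddress")
    if len(email) > UB_EMAILADDRESS_LENGTH:
        findings.append(f"exceeds ub-emailaddress-length ({len(email)} > 255)")
    # RFC 5280 counts these upper bounds in characters, not encoded octets.
    if len(email) > UB_COMMON_NAME:
        findings.append(f"exceeds ub-common-name ({len(email)} > 64)")
    return (not findings, cn_string_type(email), findings)


if __name__ == "__main__":
    # Constructed sample addresses: one short, one legal as emailAddress
    # (72 characters) but too long for CN.
    for addr in ("alice@example.com", "a" * 60 + "@example.com"):
        ok, cn_type, findings = check_email_in_cn(addr)
        print(len(addr), cn_type, "OK" if ok else "; ".join(findings))
```

Because '@' is outside PrintableString, any CN that carries an email address ends up encoded as UTF8String, while the same value in emailAddress is IA5String.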