Personally, I don't care whether DCs are allowed or not by this document.
But if DCs are to be prohibited in this document, I want to make sure
that the document gives the right reason for that.
The order of RDNs in a DN is fixed. So you are saying that there are
buggy implementations (and maybe most of them are buggy) which don't
read RDNs in the correct order, and that is why we need to prohibit the
use of DCs in subjectName?
In addition, RFC 5280 says:
   In addition, implementations of this specification MUST be prepared
   to receive the domainComponent attribute, as defined in [RFC4519].
   The Domain Name System (DNS) provides a hierarchical resource
   labeling system. This attribute provides a convenient mechanism for
   organizations that wish to use DNs that parallel their DNS names.
   This is not a replacement for the dNSName component of the
   alternative name extensions. Implementations are not required to
   convert such names into DNS names. The syntax and associated OID for
   this attribute type are provided in the ASN.1 modules in Appendix A.
   Rules for encoding internationalized domain names for use with the
   domainComponent attribute type are specified in Section 7.3.
_______________________________________________
certid mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/certid