On 03/10/2016 04:14 PM, Jakob Bohm wrote:
...
>> - Non-PrintableString/UTF8String in DNs. Workaround to be removed in
>> Bug #[TBD].
>
> Does this also apply to "pure ASCII" fields such as country ("C=US")
> etc.? Some of those were historically constrained to one of the
> lesser ASN.1 string types.Yes. As far as I can tell, Country must be a PrintableString consisting of a two-letter country code from ISO 3166-1 (or "XX" as permitted by the BRs). Of course, RFC 5280 does have some wiggle-room regarding interoperability with preexisting certificates. Going forward, however, all DNs should use the allowed encodings.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
