On Mon, 8 Oct 2018 03:43:53 -0700 (PDT) "piotr.grabowski--- via dev-security-policy" <[email protected]> wrote:
> We have, by the way, a question about an error: ERROR: The 'Organization
> Name' field of the subject MUST be less than 64 characters. According
> to https://www.ietf.org/rfc/rfc5280.txt and the note from this RFC
> 'ub-organization-name INTEGER ::= 64. For UTF8String or
> UniversalString at least four times the upper bound should be
> allowed. So what is the max length of this field for UTF8String?

As I understand it:

Although the word "character" is vague and should generally be avoided in modern technical documents, in this context it seems to refer to a Unicode code point. And "at least four times" is referring to the prior lines of the RFC, which explain that you will need more than one octet (byte) to represent some of these characters - this is important for resource-constrained implementations.

So: Organization Names in certificates obeying RFC5280 should not consist of more than 64 Unicode code points; when encoded in UTF-8, those 64 code points might consume up to 256 octets (bytes).

This is NOT an excuse to write longer names which fit in 256 bytes; the constraint is on the number of characters (Unicode code points), not the bytes needed to encode these characters.

In practice, Organization names obeying the 64 character limit from RFC 5280 are likely to fit in much fewer than 256 octets, because the more common characters such as "Ø" or "の" do not need 4 octets to encode, whereas the 😺 Smiling Cat Emoji does need 4 octets but of course rarely appears in the name of organizations.

Nick.

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
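The code point versus octet distinction from the message above, as an added example that is not part of the original post or of any linter's code: it reads a DER-encoded DirectoryString value and compares its code point count, not its byte length, against the RFC 5280 upper bound. The function names, the sample values and the Latin-1 treatment of TeletexString are assumptions made for illustration.

```python
# Added example: bound check for a DER DirectoryString (e.g. organizationName).
UB_ORGANIZATION_NAME = 64  # ub-organization-name from RFC 5280

# ASN.1 universal tag -> Python codec for the DirectoryString alternatives
CODECS = {
    0x0C: "utf-8",      # UTF8String
    0x13: "ascii",      # PrintableString
    0x14: "latin-1",    # TeletexString (Latin-1 here is an assumption)
    0x1C: "utf-32-be",  # UniversalString
    0x1E: "utf-16-be",  # BMPString
}

def read_tlv(der: bytes):
    """Return (tag, content) for one DER TLV with a definite length."""
    if len(der) < 2:
        raise ValueError("truncated TLV")
    tag, first = der[0], der[1]
    if first < 0x80:
        length, offset = first, 2
    else:
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad length")
        length, offset = int.from_bytes(der[2:2 + n], "big"), 2 + n
    content = der[offset:offset + length]
    if len(content) != length or offset + length != len(der):
        raise ValueError("length does not match data")
    return tag, content

def check_org_name(der: bytes):
    """Return (code_points, octets, within_bound) for a DirectoryString."""
    tag, content = read_tlv(der)
    if tag not in CODECS:
        raise ValueError(f"not a DirectoryString tag: {tag:#x}")
    text = content.decode(CODECS[tag])  # raises on malformed encoding
    code_points = len(text)             # len() of a str counts code points
    return code_points, len(content), code_points <= UB_ORGANIZATION_NAME

def utf8string(text: str) -> bytes:
    """Build a DER UTF8String (hypothetical helper for the samples below)."""
    body = text.encode("utf-8")
    if len(body) < 0x80:
        return bytes([0x0C, len(body)]) + body
    size = (len(body).bit_length() + 7) // 8
    return bytes([0x0C, 0x80 | size]) + len(body).to_bytes(size, "big") + body

# Constructed samples: 64 cat emoji, 65 "Ø", and 200 ASCII letters.
SAMPLES = [utf8string("\U0001F63A" * 64), utf8string("Ø" * 65), utf8string("a" * 200)]
```

The third sample fits comfortably in 256 octets and still fails, which is the case the message warns about.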

