-Rich On 2/24/2016 2:01 PM, Jeremy Rowley wrote:
Yes - I realize it is characters, not bytes. There are lots of examples in Netherlands where the name is longer than 64 characters, especially if you include all the legal identifiers.Using SAN.dnsname only causes wonkiness in IE. -----Original Message----- From: Rob Stradling [mailto:[email protected]] Sent: Wednesday, February 24, 2016 12:56 PM To: Jeremy Rowley; [email protected] Subject: Re: [cabfpub] RFC5280 On 24/02/16 18:56, Jeremy Rowley wrote: <snip>1)Org names, common names, and address fields are limited to 64 characters. Very few international companies can comply with this restriction.Hi Jeremy. I'm puzzled as to why "international" would have anything to do with this. Can you cite some examples of such international companies? You do realize that the limit is in characters, not bytes, right?It's even worse if you are converting an IDN to a printable string.If an IDN doesn't fit in a Subject.commonName, then you can omit the Subject.commonName field from the cert. Use SAN.dNSName. -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
