The rule of thumb for this use to cut from the right when the 64 characters are reached, or advise the customer of the issue and ask for another name to be included in the certificate. We face the problem every day because even for longer names, everything has to go in 2 languages, Spanish and Basque, so it's even worse than your expectations. But I wouldn't go "against" RFC 5280 but ask PKIX for an update to allow more characters, but we all know that we're not having an agreement on this because, which should be the new length? 100? 150? No limit?
Iñigo Barreira
Head of the Technical Area
[email protected]
945067705

-----Original message-----
From: [email protected] [mailto:[email protected]] On behalf of Geoff Keating
Sent: Wednesday, 24 February 2016 23:25
To: Jeremy Rowley
CC: Stephen Davidson; [email protected]
Subject: Re: [cabfpub] RFC5280

> On 24 Feb 2016, at 1:19 PM, Jeremy Rowley <[email protected]> wrote:
>
> Exactly - there are a lot of these. Should we throw it in the OU and
> split it up over multiple lines and put the O field in as " Ecole
> Nationale Supérieure"? There isn't a lot of guidance in the BRs with
> respect to these long names.

I would suggest using the EV guideline:

If the combination of names or the organization name by itself exceeds 64 characters, the CA MAY abbreviate parts of the organization name, and/or omit non-material words in the organization name in such a way that the text in this field does not exceed the 64-character limit; provided that the CA checks this field in accordance with section 11.12.1 and a Relying Party will not be misled into thinking that they are dealing with a different organization. In cases where this is not possible, the CA MUST NOT issue the EV Certificate.

Maybe we should move this into the BRs? Or some simplified version of it that doesn’t drag in 11.12.1?
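
An added example, not part of the thread: a pre-issuance check of subject attribute lengths against the RFC 5280 upper bounds under discussion, counting characters rather than UTF-8 bytes so that accented names are not rejected early. The function name `check_subject` and the bilingual sample subject are constructed for illustration.

```python
# Upper bounds from RFC 5280 Appendix A (the ub-* constants).
UPPER_BOUNDS = {
    "CN": 64,   # ub-common-name
    "O": 64,    # ub-organization-name
    "OU": 64,   # ub-organizational-unit-name
    "L": 128,   # ub-locality-name
    "ST": 128,  # ub-state-name
}


def check_subject(attrs):
    """Return (attribute, value, length, limit) for every out-of-bounds value.

    attrs maps an attribute short name to a list of values, because an
    attribute such as OU can appear more than once in a subject.
    """
    violations = []
    for name, values in attrs.items():
        limit = UPPER_BOUNDS.get(name)
        if limit is None:
            continue  # attribute not covered by this check
        for value in values:
            # The ASN.1 SIZE constraint counts characters, so use the
            # number of code points, not the encoded byte length.
            length = len(value)
            if not 1 <= length <= limit:
                violations.append((name, value, length, limit))
    return violations


# Constructed sample: a fictional organization named in Spanish and Basque.
SAMPLE = {
    "CN": ["www.example.com"],
    "O": ["Ejemplo Sociedad Cooperativa de Servicios Tecnológicos / "
          "Adibidea Zerbitzu Teknologikoen Kooperatiba Elkartea"],
    "OU": ["Área técnica"],
}

if __name__ == "__main__":
    for name, value, length, limit in check_subject(SAMPLE):
        print(f"{name}: {length} characters exceeds limit of {limit}: {value!r}")
```

A flagged value is a prompt for the CA to pick one of the options raised in the thread (abbreviate under the EV rule, ask the customer for another name, or decline to issue), not something to truncate automatically.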
