On Wed, 6 May 2026 15:01:32 GMT, Artur Barashev <[email protected]> wrote:
>> I had the very same thought while writing the docs, but had difficulty in >> implementing it. Initially, I've thought of referencing to >> `sun.security.x509.DNSName`. But it is neither well-documented, nor public. >> I can suggest two candidates: >> >> 1. [RFC 1123 "Requirements for Internet Hosts -- Application and Support" > >> 2.1 Host Names and >> Numbers](https://www.rfc-editor.org/rfc/rfc1123.html#page-13). — It is >> already referenced in `@spec`, it amends [RFC 952 "DOD INTERNET HOST TABLE >> SPECIFICATION"](https://www.rfc-editor.org/rfc/rfc952.html), and it contains >> a "good enough" definition. >> 2. [RFC 5280 "Internet X.509 Public Key Infrastructure Certificate and >> Certificate Revocation List (CRL) Profile" > 4.2.1.6. Subject Alternative >> Name](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.2.1.6) — AFAICT, >> this is _"the authoritative definition"_, but it has never been mentioned >> earlier in `SNIHostName` or `SNIServerName`. >> >> @artur-oracle, @AlanBateman, do you have a certain preference? Shall I >> simply use RFC 1123? > > Both RFC 5280 and RFC 1123 are referenced in `sun.security.x509.DNSName` > class-level javadoc, so we can do the same here. There are multiple RFCs > actually that define/amend the DNS format, but I think we can just mention > these two. About RFC 5280 never been mentioned earlier in `SNIHostName` or `SNIServerName`: we also never validated a proper DNS format before in `SNIHostName`, now we do. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/30747#discussion_r3196435844
