We see another potential issue with the proposed PRIVATE option. Rob's current proposal would have us replace a domain label with the literal string "<PRIVATE>" (without the quotes). However, we try to encode DN components as PrintableString where possible, and angle brackets are not part of the PrintableString set (the lowercase letters 'a' through 'z', uppercase letters 'A' through 'Z', the digits '0' through '9', eleven special characters ' = ( ) + , - . / : ? and space).
As a result, the type of the DN component would be PrintableString in the real cert but utf8String in the pre-certificate, and that would cause problems. I suggest using parentheses instead of angle brackets. -Rick
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
