In addition, implementations of this specification MUST be prepared

to receive the domainComponent attribute, as defined in [RFC4519].

The Domain Name System (DNS) provides a hierarchical resource

labeling system. This attribute provides a convenient mechanism for

organizations that wish to use DNs that parallel their DNS names.

This is not a replacement for the dNSName component of the

alternative name extensions. Implementations are not required to

convert such names into DNS names. The syntax and associated OID for

this attribute type are provided in the ASN.1 modules in Appendix A.

Rules for encoding internationalized domain names for use with the

domainComponent attribute type are specified in Section 7.3.

a DNS name MAY also be

represented in the subject field using the domainComponent attribute

as described in Section 4.1.2.4. Note that where such names are

represented in the subject field implementations are not required to

convert them into DNS names.

Comparisons of domainComponent attributes MUST be performed as

specified in Section 7.3.

Each domainComponent attribute represents a

single label. To represent a label from an IDN in the distinguished

name, the implementation MUST perform the "ToASCII" label conversion

specified in Section 4.1 of RFC 3490. The label SHALL be considered

a "stored string". That is, the AllowUnassigned flag SHALL NOT be

set.

Conforming implementations shall perform a case-insensitive exact

match when comparing domainComponent attributes in distinguished

names, as described in Section 7.2.

Implementations should convert ACE labels to Unicode before display.

Specifically, conforming implementations should perform the

"ToUnicode" conversion operation specified, as described in Section

7.2, on each ACE label before displaying the name.