[1] RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile ( 版) <http://tools.ietf.org/html/rfc5280#section-4.1.2.6>
Legacy implementations exist where an electronic mail address is
embedded in the subject distinguished name as an emailAddress
attribute [RFC2985]. The attribute value for emailAddress is of type
IA5String to permit inclusion of the character '@', which is not part
of the PrintableString character set. emailAddress attribute values
are not case-sensitive (e.g., "subscriber@example.com" is the same as
"SUBSCRIBER@EXAMPLE.COM").
Conforming implementations generating new certificates with
electronic mail addresses MUST use the rfc822Name in the subject
alternative name extension (Section 4.2.1.6) to describe such
identities. Simultaneous inclusion of the emailAddress attribute in
the subject distinguished name to support legacy implementations is
deprecated but permitted.
[2] RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile ( 版) <http://tools.ietf.org/html/rfc5280#section-4.2.1.10>
Legacy implementations exist where an electronic mail address is
embedded in the subject distinguished name in an attribute of type
emailAddress (Section 4.1.2.6). When constraints are imposed on the
Cooper, et al. Standards Track [Page 41]
page-42
RFC 5280 PKIX Certificate and CRL Profile May 2008
rfc822Name name form, but the certificate does not include a subject
alternative name, the rfc822Name constraint MUST be applied to the
attribute of type emailAddress in the subject distinguished name.
[3] RFC 2985 - PKCS #9: Selected Object Classes and Attribute Types Version 2.0 ( 版) <http://tools.ietf.org/html/rfc2985#page-8>