emailAddress

emailAddress

[1] RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile ( 版) <http://tools.ietf.org/html/rfc5280#section-4.1.2.6>

Legacy implementations exist where an electronic mail address is

embedded in the subject distinguished name as an emailAddress

attribute [RFC2985]. The attribute value for emailAddress is of type

IA5String to permit inclusion of the character '@', which is not part

of the PrintableString character set. emailAddress attribute values

are not case-sensitive (e.g., "subscriber@example.com" is the same as

"SUBSCRIBER@EXAMPLE.COM").

Conforming implementations generating new certificates with

electronic mail addresses MUST use the rfc822Name in the subject

alternative name extension (Section 4.2.1.6) to describe such

identities. Simultaneous inclusion of the emailAddress attribute in

the subject distinguished name to support legacy implementations is

deprecated but permitted.

[2] RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile ( 版) <http://tools.ietf.org/html/rfc5280#section-4.2.1.10>

Legacy implementations exist where an electronic mail address is

embedded in the subject distinguished name in an attribute of type

emailAddress (Section 4.1.2.6). When constraints are imposed on the

Cooper, et al. Standards Track [Page 41]

page-42

RFC 5280 PKIX Certificate and CRL Profile May 2008

rfc822Name name form, but the certificate does not include a subject

alternative name, the rfc822Name constraint MUST be applied to the

attribute of type emailAddress in the subject distinguished name.

[3] RFC 2985 - PKCS #9: Selected Object Classes and Attribute Types Version 2.0 ( 版) <http://tools.ietf.org/html/rfc2985#page-8>