rfc822Name

rfc822Name

[1] RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile ( 版) <http://tools.ietf.org/html/rfc5280#section-4.2.1.6>

When the subjectAltName extension contains an Internet mail address,

the address MUST be stored in the rfc822Name. The format of an

rfc822Name is a "Mailbox" as defined in Section 4.1.2 of [RFC2821].

A Mailbox has the form "Local-part@Domain".

[2] RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile ( 版) <http://tools.ietf.org/html/rfc5280#section-4.2.1.10>

A name constraint for Internet mail addresses MAY specify a

particular mailbox, all addresses at a particular host, or all

mailboxes in a domain. To indicate a particular mailbox, the

constraint is the complete mail address. For example,

"root@example.com" indicates the root mailbox on the host

"example.com". To indicate all Internet mail addresses on a

particular host, the constraint is specified as the host name. For

example, the constraint "example.com" is satisfied by any mail

address at the host "example.com". To specify any address within a

domain, the constraint is specified with a leading period (as with

URIs). For example, ".example.com" indicates all the Internet mail

addresses in the domain "example.com", but not Internet mail

addresses on the host "example.com".

[3] RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile ( 版) <http://tools.ietf.org/html/rfc5280#section-4.2.1.10>

Legacy implementations exist where an electronic mail address is

embedded in the subject distinguished name in an attribute of type

emailAddress (Section 4.1.2.6). When constraints are imposed on the

Cooper, et al. Standards Track [Page 41]

page-42

RFC 5280 PKIX Certificate and CRL Profile May 2008

rfc822Name name form, but the certificate does not include a subject

alternative name, the rfc822Name constraint MUST be applied to the

attribute of type emailAddress in the subject distinguished name.

[4] RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile ( 版) <http://tools.ietf.org/html/rfc5280#section-7.5>

Where the host-part (the Domain of the Mailbox) contains an

internationalized name, the domain name MUST be converted from an IDN

to the ASCII Compatible Encoding (ACE) format as specified in Section

7.2.

Two email addresses are considered to match if:

1) the local-part of each name is an exact match, AND

2) the host-part of each name matches using a case-insensitive

ASCII comparison.

Implementations should convert the host-part of internationalized

email addresses specified in these extensions to Unicode before

display. Specifically, conforming implementations should perform the

conversion of the host-part of the Mailbox as described in Section

7.2.