[FIG(quote)[ [FIGCAPTION[ [1] [CITE@en[RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile]] ([TIME[2015-02-22 15:44:10 +09:00]] 版) ]FIGCAPTION] > When the subjectAltName extension contains an Internet mail address, > the address MUST be stored in the rfc822Name. The format of an > rfc822Name is a "Mailbox" as defined in Section 4.1.2 of '''['''RFC2821''']'''. > A Mailbox has the form "Local-part@Domain". ]FIG] [FIG(quote)[ [FIGCAPTION[ [2] [CITE@en[RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile]] ([TIME[2015-02-22 15:44:10 +09:00]] 版) ]FIGCAPTION] > A name constraint for Internet mail addresses MAY specify a > particular mailbox, all addresses at a particular host, or all > mailboxes in a domain. To indicate a particular mailbox, the > constraint is the complete mail address. For example, > "root@example.com" indicates the root mailbox on the host > "example.com". To indicate all Internet mail addresses on a > particular host, the constraint is specified as the host name. For > example, the constraint "example.com" is satisfied by any mail > address at the host "example.com". To specify any address within a > domain, the constraint is specified with a leading period (as with > URIs). For example, ".example.com" indicates all the Internet mail > addresses in the domain "example.com", but not Internet mail > addresses on the host "example.com". ]FIG] [FIG(quote)[ [FIGCAPTION[ [3] [CITE@en[RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile]] ([TIME[2015-02-22 15:44:10 +09:00]] 版) ]FIGCAPTION] > Legacy implementations exist where an electronic mail address is > embedded in the subject distinguished name in an attribute of type > emailAddress (Section 4.1.2.6). When constraints are imposed on the > Cooper, et al. Standards Track '''['''Page 41''']''' > page-42 > RFC 5280 PKIX Certificate and CRL Profile May 2008 > rfc822Name name form, but the certificate does not include a subject > alternative name, the rfc822Name constraint MUST be applied to the > attribute of type emailAddress in the subject distinguished name. ]FIG] [FIG(quote)[ [FIGCAPTION[ [4] [CITE@en[RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile]] ([TIME[2015-02-22 15:44:10 +09:00]] 版) ]FIGCAPTION] > Where the host-part (the Domain of the Mailbox) contains an > internationalized name, the domain name MUST be converted from an IDN > to the ASCII Compatible Encoding (ACE) format as specified in Section > 7.2. > Two email addresses are considered to match if: > 1) the local-part of each name is an exact match, AND > 2) the host-part of each name matches using a case-insensitive > ASCII comparison. > Implementations should convert the host-part of internationalized > email addresses specified in these extensions to Unicode before > display. Specifically, conforming implementations should perform the > conversion of the host-part of the Mailbox as described in Section > 7.2. ]FIG]