/
921.txt
81 lines (67 loc) · 3.45 KB
/
921.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
[FIG(quote)[
[FIGCAPTION[
[1] [CITE@en[RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile]]
([TIME[2015-02-22 15:44:10 +09:00]] 版)
<http://tools.ietf.org/html/rfc5280#section-4.2.1.6>
]FIGCAPTION]
> When the subjectAltName extension contains an Internet mail address,
> the address MUST be stored in the rfc822Name. The format of an
> rfc822Name is a "Mailbox" as defined in Section 4.1.2 of '''['''RFC2821''']'''.
> A Mailbox has the form "Local-part@Domain".
]FIG]
[FIG(quote)[
[FIGCAPTION[
[2] [CITE@en[RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile]]
([TIME[2015-02-22 15:44:10 +09:00]] 版)
<http://tools.ietf.org/html/rfc5280#section-4.2.1.10>
]FIGCAPTION]
> A name constraint for Internet mail addresses MAY specify a
> particular mailbox, all addresses at a particular host, or all
> mailboxes in a domain. To indicate a particular mailbox, the
> constraint is the complete mail address. For example,
> "root@example.com" indicates the root mailbox on the host
> "example.com". To indicate all Internet mail addresses on a
> particular host, the constraint is specified as the host name. For
> example, the constraint "example.com" is satisfied by any mail
> address at the host "example.com". To specify any address within a
> domain, the constraint is specified with a leading period (as with
> URIs). For example, ".example.com" indicates all the Internet mail
> addresses in the domain "example.com", but not Internet mail
> addresses on the host "example.com".
]FIG]
[FIG(quote)[
[FIGCAPTION[
[3] [CITE@en[RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile]]
([TIME[2015-02-22 15:44:10 +09:00]] 版)
<http://tools.ietf.org/html/rfc5280#section-4.2.1.10>
]FIGCAPTION]
> Legacy implementations exist where an electronic mail address is
> embedded in the subject distinguished name in an attribute of type
> emailAddress (Section 4.1.2.6). When constraints are imposed on the
> Cooper, et al. Standards Track '''['''Page 41''']'''
> page-42
> RFC 5280 PKIX Certificate and CRL Profile May 2008
> rfc822Name name form, but the certificate does not include a subject
> alternative name, the rfc822Name constraint MUST be applied to the
> attribute of type emailAddress in the subject distinguished name.
]FIG]
[FIG(quote)[
[FIGCAPTION[
[4] [CITE@en[RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile]]
([TIME[2015-02-22 15:44:10 +09:00]] 版)
<http://tools.ietf.org/html/rfc5280#section-7.5>
]FIGCAPTION]
> Where the host-part (the Domain of the Mailbox) contains an
> internationalized name, the domain name MUST be converted from an IDN
> to the ASCII Compatible Encoding (ACE) format as specified in Section
> 7.2.
> Two email addresses are considered to match if:
> 1) the local-part of each name is an exact match, AND
> 2) the host-part of each name matches using a case-insensitive
> ASCII comparison.
> Implementations should convert the host-part of internationalized
> email addresses specified in these extensions to Unicode before
> display. Specifically, conforming implementations should perform the
> conversion of the host-part of the Mailbox as described in Section
> 7.2.
]FIG]