FQDN goes in commonName or domainComponent?

Brian Korver <briank@xythos.com> Fri, 15 November 2002 13:58 UTC

Date: Thu, 14 Nov 2002 18:52:49 -0800
Subject: FQDN goes in commonName or domainComponent?
Cc: ipsec@lists.tislabs.com
To: "Housley, Russ" <rhousley@rsasecurity.com>
From: Brian Korver <briank@xythos.com>
Message-Id: <53E04FFA-F845-11D6-A746-000393751598@xythos.com>

Re: draft-ietf-ipsec-pki-profile-01.txt

On Wednesday, November 13, 2002, at 08:41 AM, Housley, Russ wrote:
>>> In section 4.1.2.2.2, describing conventions for FQDN Host Names, I 
>>> think that the SHOULD and MAY are backwards.  When a FQDN is carried 
>>> in the subject field of a certificate, the domainComponent attribute 
>>> SHOULD be used.  The commonName attribute MAY be used instead.  I 
>>> prefer dNSName in the SubjectAltName extension to both of these!

Your final statement agrees with the draft's SHOULD NOT.

On the other hand, domainComponent isn't nearly as standard
as commonName for containing FQDNs.  In fact, I'd be surprised
if much software could even process that attribute type and
display it to a user.

Question to the list:  How common is support for domainComponent?
Which should be preferred?

-brian
briank@xythos.com
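
The three places this thread mentions for an FQDN (dNSName in subjectAltName, domainComponent, commonName), as an added example that is not part of the original message or the draft: Python code that reports where a given name appears, given an RFC 4514 string DN and a list of dNSName values. The function names and all sample names are constructed; it assumes one DNS label per DC attribute (RFC 2247) and handles only single-character backslash escapes.

```python
import re

# Constructed helper names; not taken from the draft or from any library.
FQDN_RE = re.compile(r'^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z][a-z0-9-]*$', re.I)

def parse_dn(dn):
    """Split an RFC 4514 string DN into (TYPE, value) pairs, most specific first.
    Simplification: only single-character backslash escapes are understood."""
    pairs = []
    for rdn in re.split(r'(?<!\\)[,+]', dn):
        if not rdn.strip():
            continue
        attr, _, value = rdn.partition('=')
        pairs.append((attr.strip().upper(), re.sub(r'\\(.)', r'\1', value.strip())))
    return pairs

def norm(name):
    """Compare DNS names case-insensitively and without a trailing dot."""
    return name.lower().rstrip('.')

def fqdn_locations(subject_dn, san_dns_names=()):
    """Collect candidate FQDNs from each location discussed in the thread."""
    pairs = parse_dn(subject_dn)
    # Each DC attribute carries a single label, so the name is the labels
    # joined in DN order: DC=gw1,DC=example,DC=com -> gw1.example.com
    labels = [v for t, v in pairs if t == 'DC']
    return {
        'dNSName': [norm(n) for n in san_dns_names],
        'domainComponent': [norm('.'.join(labels))] if labels else [],
        # A CN is free text; only values shaped like an FQDN are candidates.
        'commonName': [norm(v) for t, v in pairs
                       if t == 'CN' and FQDN_RE.match(v.rstrip('.'))],
    }

def where_is(fqdn, subject_dn, san_dns_names=()):
    """Return the locations in which the expected FQDN appears."""
    found = fqdn_locations(subject_dn, san_dns_names)
    return [place for place, names in found.items() if norm(fqdn) in names]

if __name__ == '__main__':
    # Constructed sample subjects for a host called gw1.example.com
    print(where_is('gw1.example.com', 'DC=gw1,DC=example,DC=com'))
    print(where_is('gw1.example.com', 'CN=gw1.example.com,O=Example'))
    print(where_is('gw1.example.com', 'CN=VPN Gateway,O=Example', ['gw1.example.com']))
    # Directory-style subject: the DC labels give the domain, not the host
    print(fqdn_locations('CN=gw1,DC=example,DC=com'))
```

The last call shows one reason domainComponent is harder to process than it looks: in a directory-style subject the DC attributes name the domain (`example.com`) while the host label sits in a CN, so joining DC labels alone does not yield the host's FQDN.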