Is eMail address in SubjectAltName still necessary


Hello

We issue, among others, certificates for secure email to the public. Our standard profile uses the email field according to RFC 3280. We came to the conclusion that all newer email implementations can handle email addresses in the subject field a email.

We are now in the process of implementing an automatic interface by means of CMP (RFC 2510). The product attached and tested requests the email in the certificate extension SubjectAltName. By browsing around I came across RFC 3850, where it is stated:

3. Using Distinguished Names for Internet Mail
End-entity certificates MAY contain an Internet mail address as described in [RFC-2822]. The address must be an "addr-spec" as defined in Section 3.4.1 of that specification. The email address SHOULD be in the subjectAltName extension, and SHOULD NOT be in the subject distinguished name.

My question:
- What is the current standard for implementing email addresses in an X.509 v3 certificate?
- Is the RFC 822 email address in the SubjectAltName still required or just optional for legacy

Thanks

Lorenz

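Added example, not part of the original message: a check a CA could run over issued certificates to see where the mail address sits, measured against the RFC 3850 section 3 text quoted above. It assumes the Python "cryptography" package; make_cert, email_locations and rfc3850_findings are hypothetical helper names, the address is constructed sample data, and the case-insensitive comparison is a simplification.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def email_locations(cert):
    """Return (addresses in the subject DN, rfc822Name entries in subjectAltName)."""
    in_dn = [a.value for a in
             cert.subject.get_attributes_for_oid(NameOID.EMAIL_ADDRESS)]
    try:
        san = cert.extensions.get_extension_for_class(
            x509.SubjectAlternativeName).value
        in_san = san.get_values_for_type(x509.RFC822Name)
    except x509.ExtensionNotFound:
        in_san = []  # certificate carries no subjectAltName at all
    return in_dn, in_san


def rfc3850_findings(cert):
    """One finding per address that sits in the subject DN (the SHOULD NOT case)."""
    in_dn, in_san = email_locations(cert)
    san_lower = {a.lower() for a in in_san}  # simplification: ignore case
    findings = []
    for addr in in_dn:
        where = "also in" if addr.lower() in san_lower else "missing from"
        findings.append(f"{addr}: in subject DN (SHOULD NOT), {where} subjectAltName")
    return findings


def make_cert(dn_email=None, san_email=None):
    """Constructed self-signed test certificate; not a real end-entity profile."""
    key = ec.generate_private_key(ec.SECP256R1())
    attrs = [x509.NameAttribute(NameOID.COMMON_NAME, "Example User")]
    if dn_email:
        attrs.append(x509.NameAttribute(NameOID.EMAIL_ADDRESS, dn_email))
    name = x509.Name(attrs)
    start = datetime.datetime(2024, 1, 1)
    builder = (x509.CertificateBuilder()
               .subject_name(name).issuer_name(name)
               .public_key(key.public_key())
               .serial_number(x509.random_serial_number())
               .not_valid_before(start)
               .not_valid_after(start + datetime.timedelta(days=1)))
    if san_email:
        builder = builder.add_extension(
            x509.SubjectAlternativeName([x509.RFC822Name(san_email)]),
            critical=False)
    return builder.sign(key, hashes.SHA256())
```

A certificate that carries the address only in subjectAltName produces no findings; one that carries it only in the subject DN is reported as missing from subjectAltName.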