[9] RFR: 8054380: X.509 cert extension SubjectAltName should allow digits as first character of dNSName

Jason Uh jason.uh at oracle.com
Wed Aug 6 18:32:50 UTC 2014


Please review this fix, which allows the first character of a DNSName in 
a SubjectAltName to be either a letter or a digit.

http://cr.openjdk.java.net/~juh/8054380/webrev.01/

This change is to stay compliant with RFC 1123:

RFC 1123, Section 2.1:
>  One aspect of host name syntax is hereby changed: the
>       restriction on the first character is relaxed to allow either a
>       letter or a digit.  Host software MUST support this more liberal
>       syntax.

Please note this only applies to the first character of the hostname, 
not the first character of each component in the DNS Name. Given the 
grammar defined in RFC 952:

   <official hostname> ::= <hname>
   <hname> ::= <name>*["."<name>]
   <name>  ::= <let>[*[<let-or-digit-or-hyphen>]<let-or-digit>]

That is all that is allowed by the above update in
RFC 1123.

Thanks,
Jason


More information about the security-dev mailing list