[9] RFR: 8054380: X.509 cert extension SubjectAltName should allow digits as first character of dNSName
Jason Uh
jason.uh at oracle.com
Wed Aug 6 18:32:50 UTC 2014
Please review this fix, which allows the first character of a DNSName in
a SubjectAltName to be either a letter or a digit.
http://cr.openjdk.java.net/~juh/8054380/webrev.01/
This change is to stay compliant with RFC 1123:
RFC 1123, Section 2.1:
> One aspect of host name syntax is hereby changed: the
> restriction on the first character is relaxed to allow either a
> letter or a digit. Host software MUST support this more liberal
> syntax.
Please note this only applies to the first character of the hostname,
not the first character of each component in the DNS Name. Given the
grammar defined in RFC 952:
<official hostname> ::= <hname>
<hname> ::= <name>*["."<name>]
<name> ::= <let>[*[<let-or-digit-or-hyphen>]<let-or-digit>]
That is all that is allowed by the above update in
RFC 1123.
Thanks,
Jason
More information about the security-dev
mailing list