On 2013-02-22, at 14:01, Andrew Sullivan <asullivan@dyn.com> wrote:
On Fri, Feb 22, 2013 at 04:57:42PM +1100, Mark Andrews wrote:
RFC 952 as modified by RFC 1123 describe the legal syntax of a hostname. There is no trailing period.
Mark is of course correct about this, but it doesn't fully help.
The basic problem is (as always) the confusion about the difference between a hostname and a fully-qualified domain name, which so happens to be also a hostname.
Actually, I think the problem is the confusion between a label string terminated in a dot (to indicate that no search domain should be appended) and a label string not so-terminated (which might mean that a search domain is attempted, depending on local configuration). There is no simple terminology to distinguish between the two cases that I am aware of. I think the original question's context was how to format a CN in a CSR. I believe the most useful answer is "single CN, fully-qualified domain name with no trailing dot". The terminology "root zone" or "root domain" to explain the trailing dot is misleading and unhelpful, I find. Joe