Clarify allowed usage of IDNA2003 and IDNA2008

XolphinMartijn · Nov 29, 2024 · fbf6e5b · fbf6e5b
1 parent 6a64edc
commit fbf6e5b
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/docs/BR.md b/docs/BR.md
@@ -2681,6 +2681,8 @@ Table: `GeneralName` within a `subjectAltName` extension
 | `iPAddress`                 | Y             | The entry MUST contain the IPv4 or IPv6 address that the CA has confirmed the Applicant controls or has been granted the right to use through a method specified in [Section 3.2.2.5](#3225-authentication-for-an-ip-address). The entry MUST NOT contain a Reserved IP Address. |
 | `registeredID`              | N             | -              |
 
+**Note**: The allowance for including P-Labels that do not conform to IDNA 2003 is an exception to best practice as defined in RFC 5280. These Requirements allow for the inclusion of P-Labels that do not conform with IDNA 2003 to support newer versions of the Unicode character repertoire, among other improvements to the various IDNA standards.
+
 #### 7.1.2.8 OCSP Responder Certificate Profile
 
 If the Issuing CA does not directly sign OCSP responses, it MAY make use of an OCSP Authorized Responder, as defined by [RFC 6960](https://tools.ietf.org/html/rfc6960#section-4.2.2.2). The Issuing CA of the Responder MUST be the same as the Issuing CA for the Certificates it provides responses for.