RFC 5280 doesn't require to support Email component (1.2.840.113549.1.9.1). However, RFC makes the following note (§4.1.2.4):
As noted above, distinguished names are composed of attributes. This
specification does not restrict the set of attribute types that may
appear in names. However, conforming implementations MUST be
prepared to receive certificates with issuer names containing the set
of attribute types defined below. This specification RECOMMENDS
support for additional attribute types.
This quote has several implications:
- No restriction on what RDNs may appear in RDN sequence
- Some RDNs MUST be supported by implementations
- Recommends support for not listed RDNs (including, but limited to X.520), which suggests that application SHALL NOT fail if they face unknown RDN.
In reality, Email RDN is widely supported by many RFC 5280 implementation because this attribute was used by S/MIME-capable applications, such as email clients and servers. Though, it is worth to mention that Email attribute inclusion or omission in Subject field may have no effect when certificate contains SAN extension. DirectoryName ASN.1 type natively supports rfc822Name name type for email addresses. That is, when email must be included in a certificate, it MUST be populated in SAN extension. Optionally (not required), it can be duplicated in Subject field.
