[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RFC5280 update for IDNA2008
From: |
Tim Ruehsen |
Subject: |
Re: RFC5280 update for IDNA2008 |
Date: |
Mon, 16 Jan 2017 16:07:30 +0100 |
User-agent: |
KMail/5.2.3 (Linux/4.8.0-2-amd64; KDE/5.28.0; x86_64; ; ) |
On Monday, January 16, 2017 1:12:00 PM CET Nikos Mavrogiannopoulos wrote:
> Hi,
> There is an attempt to update RFC5280 with IDNA2008:
> https://mailarchive.ietf.org/arch/msg/spasm/o0l9nJ4TMPla7KQeqnEyDIqz_Lw
>
> Do you have any comments on the effort? I do not know whether the
> conversion rules listed in section 7.2 apply in IDNA2008, nor whether
> the TR#46 should be referred to or ignored (as it is done now).
"NEW
Domain Names may also be represented as distinguished names using
domain components in the subject field, the issuer field, the
subjectAltName extension, or the issuerAltName extension. As with
the dNSName in the GeneralName type, the value of this attribute is
defined as an IA5String. Each domainComponent attribute represents a
single label. To represent a label from an IDN in the distinguished
name, the implementation MUST perform the "ToASCII" label conversion
specified in Section 4.1 of [RFC3490]. The label SHALL be considered
a "stored string". That is, the AllowUnassigned flag SHALL NOT be
set."
The draft doesn't mention preprocessing of IDNs at all, just mentions still
RFC3490 (known as IDNA 2003).
This doesn't clarify anything, just changes the wording...
At it's current state, it is useless (for me).
Tim
signature.asc
Description: This is a digitally signed message part.