Re: Last Call: <draft-ietf-lamps-eai-addresses-05.txt> (Internationalized Email Addresses in X.509 certificates) to Proposed Standard

"John R. Levine" <johnl@iecc.com> Sat, 11 February 2017 21:06 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/ngUOjvCHubjcyiG4uZ0w16-5-fg>

>Once again, a CA with *ONLY* rfc822Name constraints should not be
>able to issue EE certificates with SmtpUtf8Name altNames that
>conflict with its rfc822Name constraints.

How about if a CA with only rfc822Name constraints can't issue certs
with SmtpUTF8Names at all, and of course vice versa.  If you want both
kinds of names, the CA has to constrain both.

R's,
John
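
The rule proposed in the message above, next to the per-type behaviour of RFC 5280 name constraints, as an added example that is not part of the original message or of the draft. It assumes only permitted subtrees are modelled, that both email name forms use the same simplified host matching, and that the type labels and function names are hypothetical.

```python
# Added illustration; type labels and helper names are hypothetical.
EMAIL_FORMS = {"rfc822Name", "SmtpUTF8Name"}

def host_matches(address, constraint):
    """Simplified match: full mailbox, exact host, or ".domain" subtree."""
    local, _, host = address.rpartition("@")
    host = host.lower()
    if "@" in constraint:
        c_local, _, c_host = constraint.rpartition("@")
        return local == c_local and host == c_host.lower()
    if constraint.startswith("."):
        return host.endswith(constraint.lower())
    return host == constraint.lower()

def permitted_by_type(name_type, value, permitted):
    """Per-type check: a name form the CA does not constrain is unrestricted."""
    subtrees = permitted.get(name_type)
    if subtrees is None:
        return True
    return any(host_matches(value, s) for s in subtrees)

def check_per_type(san, permitted):
    """Constraints of one name form say nothing about the other form."""
    return all(permitted_by_type(t, v, permitted) for t, v in san)

def check_proposed(san, permitted):
    """Proposed rule: if the CA constrains one email name form, names in the
    other form are rejected unless the CA constrains that form as well."""
    constrained = EMAIL_FORMS & set(permitted)
    for name_type, value in san:
        if name_type in EMAIL_FORMS and constrained and name_type not in constrained:
            return False
        if not permitted_by_type(name_type, value, permitted):
            return False
    return True

# Constructed sample data (not from the thread).
CA_ASCII_ONLY = {"rfc822Name": ["example.com"]}
CA_UTF8_ONLY = {"SmtpUTF8Name": ["example.com"]}
CA_BOTH = {"rfc822Name": ["example.com"], "SmtpUTF8Name": ["example.com"]}
EE_ASCII = [("rfc822Name", "alice@example.com")]
EE_UTF8_OUTSIDE = [("SmtpUTF8Name", "алиса@other.example")]
EE_UTF8_INSIDE = [("SmtpUTF8Name", "алиса@example.com")]

if __name__ == "__main__":
    for ca in (CA_ASCII_ONLY, CA_UTF8_ONLY, CA_BOTH):
        for ee in (EE_ASCII, EE_UTF8_OUTSIDE, EE_UTF8_INSIDE):
            print(sorted(ca), ee, check_per_type(ee, ca), check_proposed(ee, ca))
```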