Return-Path: X-Original-To: ldapext@ietfa.amsl.com Delivered-To: ldapext@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0724E1A6FFC for ; Fri, 26 Sep 2014 08:32:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6fqchj-7T2DP for ; Fri, 26 Sep 2014 08:32:00 -0700 (PDT) Received: from mail-we0-x232.google.com (mail-we0-x232.google.com [IPv6:2a00:1450:400c:c03::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F345D1A6F56 for ; Fri, 26 Sep 2014 08:31:59 -0700 (PDT) Received: by mail-we0-f178.google.com with SMTP id t60so9663083wes.23 for ; Fri, 26 Sep 2014 08:31:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:message-id:in-reply-to:references:subject:mime-version :content-type; bh=OSUqtSxJaniSem8VIR86DbWshj+Bq1lShPI+CXJR+mU=; b=NHL5z50DgCgojkGhQcxEQJCLTFQB3dHoQhDQYLWkSmuoO1goxklCkse6bLbLCUQs0T tkgfXaqrrhFnmlurvGegreH053oInwzFNwtzJvieJqzdPJEMJC0ma3zd1F/Kceni32BW D8tKCpxXWkhbxogDRpxu2Q8KdvvDN8RamzpXU0FeJcvIDtzfe7WRIpdLVlciVaA7tSKj FMbCOm8OpHQ+F4VCJQcMb75rh4pWhM2FSQ3for3nuhflMMVsKP/Ime3keKxm5mZr4g2+ 5YBr/RuLS+d15HxqdbXk69KlVuhmn8qpza7KxKR+TCsGatEyKWw02k01BHRbG4c5AoYc WBhg== X-Received: by 10.194.80.71 with SMTP id p7mr24678566wjx.35.1411745518470; Fri, 26 Sep 2014 08:31:58 -0700 (PDT) Received: from lpm.local ([46.218.40.139]) by mx.google.com with ESMTPSA id t9sm6521214wjf.41.2014.09.26.08.31.57 for (version=SSLv3 cipher=RC4-SHA bits=128/128); Fri, 26 Sep 2014 08:31:57 -0700 (PDT) Date: Fri, 26 Sep 2014 17:31:57 +0200 From: Ludovic Poitou To: ldapext@ietf.org, Sean Leonard Message-ID: In-Reply-To: <5425848B.3040504@seantek.com> References: <20140926115934.25447.2865.idtracker@ietfa.amsl.com> <542558EB.4000709@stroeder.com> <5425848B.3040504@seantek.com> X-Mailer: Airmail Beta (258) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="542586ed_2d1d5ae9_48ca" Archived-At: http://mailarchive.ietf.org/arch/msg/ldapext/D8d2KMnw-VO-vAk3QI-GzD6biiQ Subject: Re: [ldapext] Fwd: New Version Notification for draft-stroeder-mailboxrelatedobject-06.txt X-BeenThere: ldapext@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: LDAP Extension Working Group List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Sep 2014 15:32:03 -0000 --542586ed_2d1d5ae9_48ca Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hi Sean, DirectoryString is defined in R=46C4517 as : 3.3.6. Directory String A value of the Directory String syntax is a string of one or more arbitrary characters from the Universal Character Set (UCS) =5BUCS=5D.= A zero-length character string is not permitted. The LDAP-specific encoding of a value of this syntax is the UT=46-8 encoding =5BR=46C362= 9=5D of the character string. Such encodings conform to the following ABN=46:= DirectoryString =3D 1*UT=468 The rule is defined in =5BR=46C4512=5D. I think it does correspond to the need of internationalised e-mail addres= see. Regards, Ludovic. --=C2=A0 Ludovic Poitou http://ludopoitou.wordpress.com On 26 Sep 2014 at 17:22:18, Sean Leonard (dev+ietf=40seantek.com) wrote: Since I'm new to this list, I searched ietf.org and noticed that this =20 draft has not gotten a lot of discussion. If my search was inaccurate, I = =20 apologize in advance for bringing up previously discussed issues. =20 Storing internationalized e-mail addresses in LDAP-related protocols =20 raises a lot of novel issues that I do not think are adequately =20 addressed by this draft. Accordingly, this work ought to be brought up =20 to other IET=46 areas, namely the apps and security areas. =20 As one example, security-related protocols such as PKIX certificate use =20 distinguished names as an integral part of the protocol. There are =20 already issues with the relationship between the =22emailAddress=22 =20 attribute and authentication of the e-mail address (namely the =20 rfc822Name component of a GeneralName); the fact that mail and =20 emailAddress are two separate attributes (with more-or-less the same =20 meaning) only makes matters worse. I can certainly envision applications = =20 that display LDAP or security names, where adding this intlMailAddr =20 would serve to confuse or attack users. This makes me wonder if it is =20 better to extend the syntax of emailAddress so that it is a CHOICE of =20 IA5String or UT=468String. There are lots of reasons against that, but =20 there are lots of reasons for it too. =20 =46urthermore, where there's a will, there's a way--since the security =20 area has not yet standardized on how to integrate EAI into PKIX or other = =20 places, I can easily see people starting to stuff intlMailAddr into =20 those protocols as a non-standard way to get what the market needs. =20 This draft does not refer to the EAI work normatively, but the EAI work =20 is normative with respect to the format of e-mail addresses. EAI also =20 probably has some say in how to compare e-mail addresses for equality =20 (which has a cascading effect on application protocols such as LDAP, in =20 addition to security protocols). =20 =46inally, I assume that the choice of DirectoryString is for convenience= , =20 since =22most=22 LDAP implementations will pick DirectoryString by defaul= t. =20 But EAI exclusively defines the encoding of an internationalized e-mail =20 address as UT=46-8, which means that the repetoire of EAI is virtually al= l =20 Unicode characters. It puts considerable additional burden on =20 implementations to take a DirectoryString in one of the less-used =20 formats, such as TeletexString, and parse it into Unicode. (The =20 character sets that can be encoded in TeletexString may not be bijective = =20 with respect to Unicode, introducing exploitable ambiguities.)* =20 Therefore, I think that the value should be UT=468String alone. =20 Sean =20 *In 2011 I wrote =22ASN.1 Teletexer=22, an ISO C implementation that =20 converts TeletexString to Unicode. =20 So I'm pretty familiar with =20 this minefield. =20 On 9/26/2014 5:15 AM, Michael Str=C3=B6der wrote: =20 > HI=21 =20 > =20 > I've sent this draft to the R=46C editor for review. =20 > Anyone here willing to act as reviewer=3F =20 > =20 > Still sorting out some idnits issues for next version but those are onl= y minor =20 > details. =20 > =20 > Ciao, Michael. =20 > =20 > -------- =46orwarded Message -------- =20 > Subject: New Version Notification for draft-stroeder-mailboxrelatedobje= ct-06.txt =20 > Date: =46ri, 26 Sep 2014 04:59:34 -0700 =20 > =46rom: internet-drafts=40ietf.org =20 > To: Michael Stroeder , Michael Stroeder =20 > =20 > =20 > =20 > A new version of I-D, draft-stroeder-mailboxrelatedobject-06.txt =20 > has been successfully submitted by Michael Stroeder and posted to the =20 > IET=46 repository. =20 > =20 > Name: draft-stroeder-mailboxrelatedobject =20 > Revision: 06 =20 > Title: Lightweight Directory Access Protocol (LDAP): Auxiliary Object = Class =20 > 'mailboxRelatedObject' =20 > Document date: 2014-09-26 =20 > Group: Individual Submission =20 > Pages: 5 =20 > URL: =20 > http://www.ietf.org/internet-drafts/draft-stroeder-mailboxrelatedobject= -06.txt =20 > Status: =20 > https://datatracker.ietf.org/doc/draft-stroeder-mailboxrelatedobject/ =20 > Htmlized: http://tools.ietf.org/html/draft-stroeder-mailboxrelatedobjec= t-06 =20 > Diff: =20 > http://www.ietf.org/rfcdiff=3Furl2=3Ddraft-stroeder-mailboxrelatedobjec= t-06 =20 > =20 > Abstract: =20 > This document defines the auxiliary object class =20 > 'mailboxRelatedObject' that can be used to associate an arbitrary =20 > object with an Internet mail address. =46urthermore an attribute =20 > 'intlMailAdr' is defined for storing fully internationalized Internet =20 > mail addresses. =20 > =20 > =20 > =20 > =20 > Please note that it may take a couple of minutes from the time of submi= ssion =20 > until the htmlized version and diff are available at tools.ietf.org. =20 > =20 > The IET=46 Secretariat =20 > =20 > =20 > =20 > =20 > =20 > =20 > =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F =20 > Ldapext mailing list =20 > Ldapext=40ietf.org =20 > https://www.ietf.org/mailman/listinfo/ldapext =20 =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F =20 Ldapext mailing list =20 Ldapext=40ietf.org =20 https://www.ietf.org/mailman/listinfo/ldapext =20 --542586ed_2d1d5ae9_48ca Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline