Protocol Action: 'Update to DirectoryString Processing in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile' to Proposed Standard
The IESG <iesg-secretary@ietf.org> Mon, 17 April 2006 19:04 UTC
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org>, pkix mailing list <ietf-pkix@imc.org>, pkix chair <kent@bbn.com>, pkix chair <stefans@microsoft.com>
Subject: Protocol Action: 'Update to DirectoryString Processing in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile' to Proposed Standard
Message-Id: <E1FVXqF-0000D4-Vu@stiedprstage1.ietf.org>
Date: Mon, 17 Apr 2006 13:48:51 -0400
Sender: owner-ietf-pkix@mail.imc.org
The IESG has approved the following document:

- 'Update to DirectoryString Processing in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile' <draft-ietf-pkix-cert-utf8-03.txt> as a Proposed Standard

This document is the product of the Public-Key Infrastructure (X.509) Working Group.

The IESG contact person is Sam Hartman.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-cert-utf8-03.txt

Technical Summary

This document updates the handling of DirectoryString in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, which is published in RFC 3280. This update to RFC 3280 aligns support for international character sets with recent implementation and deployment experience, and the direction of the IETF PKIX Working Group. This specification establishes UTF8String and PrintableString as the preferred encodings. UTF8String provides support for international character sets, and PrintableString preserves support for the vast bulk of the certificates that have already been deployed.

Working Group Summary

The WG has a strong consensus behind this document.

Protocol Quality

This specification aligns RFC 3280 with current implementations, reflecting the international PKI community's deployment experience. This specification has been reviewed by Sam Hartman for the IESG.

Note to RFC Editor

Please revise the first sentence in the replacement text in Section 5.

OLD:
| When the subjectAltName extension contains a DN in the directoryName,
| the same encoding preference as in 4.1.2.4.

NEW:
| When the subjectAltName extension contains a DN in the directoryName,
| the encoding preference is defined in 4.1.2.4.

In section 6:

OLD:
The replacement text is much clearer. The direction is much less prone to implementation error. Also, the use of consistent encoding for name components will ensure that name constraints work as expected.

NEW:
The use of consistent encoding for name components will ensure that name constraints specified in [PKIX1] work as expected. When strings are mapped from internal representations to visual representations, sometimes two different strings will have the same or similar visual representations. This can happen for many different reasons, including use of similar glyphs and use of composed characters (such as e + ' equaling U+00E9, the Korean composed characters, and vowels above consonant clusters in certain languages). As a result of this situation, people doing visual comparisons between two different names may think they are the same when in fact they are not. Also, people may mistake one string for another. Issuers of certificates and relying parties both need to be aware of this situation.
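The following is an added illustration, not text or code from the announcement, the draft, or the PKIX Working Group. It encodes a DirectoryString the way the update prefers (PrintableString when the value fits that alphabet, otherwise UTF8String), hand-rolling the two DER TLVs with the standard library only, and then shows the two pitfalls the new Section 6 text warns about: the same visible name can arrive as different bytes (a legacy issuer that chose UTF8String for an ASCII name, or a name written with a precomposed vs. a decomposed e-acute), so a name-constraint check that compares raw TLV bytes will miss a match, while a name that merely looks the same (Cyrillic a in place of Latin a) is still a different string and must not match. The NFC normalization used in `names_equivalent` is this example's own simplification, not the full string preparation the PKIX profile specifies; the name `names_equivalent` and the `force_utf8` parameter are this example's assumptions.

```python
"""Added example: DirectoryString encoding preference and name comparison.

Not part of the IESG announcement or the draft; uses only the standard library.
"""
import unicodedata

# PrintableString alphabet (X.680): letters, digits, space and ' ( ) + , - . / : = ?
PRINTABLE = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?"
)

TAG_UTF8STRING = 0x0C       # UNIVERSAL 12
TAG_PRINTABLESTRING = 0x13  # UNIVERSAL 19


def der_length(n):
    """DER definite-form length: one byte below 128, else 0x80|k followed by k bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_directory_string(value, force_utf8=False):
    """Encode per the update's preference: PrintableString if the alphabet allows,
    otherwise UTF8String. force_utf8 (this example's own knob) models an issuer
    that emits UTF8String even for an all-printable name, which is still valid."""
    if not force_utf8 and all(ch in PRINTABLE for ch in value):
        tag, payload = TAG_PRINTABLESTRING, value.encode("ascii")
    else:
        tag, payload = TAG_UTF8STRING, value.encode("utf-8")
    return bytes([tag]) + der_length(len(payload)) + payload


def decode_directory_string(der):
    """Parse one DirectoryString TLV; return (tag, text). Rejects other choices."""
    tag, first = der[0], der[1]
    if first < 0x80:
        length, offset = first, 2
    else:
        k = first & 0x7F
        length, offset = int.from_bytes(der[2:2 + k], "big"), 2 + k
    payload = der[offset:offset + length]
    if len(payload) != length or len(der) != offset + length:
        raise ValueError("truncated or trailing data in DirectoryString")
    if tag == TAG_PRINTABLESTRING:
        text = payload.decode("ascii")
        if not all(ch in PRINTABLE for ch in text):
            raise ValueError("PrintableString carries non-printable characters")
    elif tag == TAG_UTF8STRING:
        text = payload.decode("utf-8")
    else:
        raise ValueError("unsupported DirectoryString choice 0x%02x" % tag)
    return tag, text


def names_match_bytewise(der_a, der_b):
    """The naive check: compares the encoded TLVs. Fails across encoding choices."""
    return der_a == der_b


def names_equivalent(der_a, der_b):
    """Compare character content, ignoring which DirectoryString choice was used
    and canonical composition differences (NFC). Simplified for illustration; it
    deliberately does NOT fold visually similar glyphs from different scripts."""
    _, a = decode_directory_string(der_a)
    _, b = decode_directory_string(der_b)
    return unicodedata.normalize("NFC", a) == unicodedata.normalize("NFC", b)


if __name__ == "__main__":
    ascii_name = "Example CA"
    printable = encode_directory_string(ascii_name)
    legacy_utf8 = encode_directory_string(ascii_name, force_utf8=True)
    composed = encode_directory_string("Caf\u00e9")      # precomposed e-acute
    decomposed = encode_directory_string("Cafe\u0301")   # e + combining acute
    lookalike = encode_directory_string("Caf\u00e9", force_utf8=True)
    cyrillic = encode_directory_string("Ex\u0430mple CA")  # Cyrillic a, looks like Latin a

    print("PrintableString TLV:", printable.hex())
    print("UTF8String TLV:     ", legacy_utf8.hex())
    print("bytewise same name? ", names_match_bytewise(printable, legacy_utf8))
    print("value-wise same name?", names_equivalent(printable, legacy_utf8))
    print("composed vs decomposed, bytewise:", names_match_bytewise(composed, decomposed))
    print("composed vs decomposed, value:   ", names_equivalent(composed, decomposed))
    print("Latin vs Cyrillic lookalike:     ", names_equivalent(printable, cyrillic))
```

Run it to see that the same `Example CA` encodes to two different TLVs depending on the chosen string type, and that a constraint matcher comparing decoded values (rather than bytes) treats them as one name, while the Cyrillic lookalike still correctly compares unequal; that last case is exactly the visual-confusability problem the replacement Section 6 text leaves for issuers and relying parties to handle.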