Re: [pkix] Strings in certificates

Wei Chuang <weihaw@google.com> Sat, 06 February 2016 07:25 UTC

On Fri, Feb 5, 2016 at 3:40 PM, Russ Housley <housley@vigilsec.com> wrote:

>
> On Feb 5, 2016, at 6:10 PM, Wei Chuang wrote:
>
>> >> 3) Unicode normalization
>> >>
>> >> A number of fields in certificates can take unicode strings.  Is there
>> >> any specification as to how (or if) they should be normalized?
>> >
>> > I thought there were references in s7 of RFC 5280 (and some tweaks in
>> > s5 of RFC 6818).  There’s also some additional information in RFC 6125.  In
>> > a perfect world, the output of precis
>> > (https://datatracker.ietf.org/wg/precis/documents/) would be adopted the
>> > world over.  I’m not going to hold my breath though.
>>
>> I don't see anything there that specifies a specific normalization
>> form for storage, except for the one thing about explicitText.  I'll
>> assume anything (including mixed) is good.
>>
>>
>> Just piling on.  Maybe I'm misreading those two sections (s7 of RFC 5280
>> and s5 of RFC 6818), but while there's IDN support, there's no mention of
>> handling Unicode in the email address rfc822Name local-part or the URL
>> uniformResourceIdentifier path or query parts.  It seems like an important
>> loophole that should be fixed.  Would folks here be willing to help in
>> standardizing some in-certificate encoding for these types?
>
>
> I'm willing to help with a clarifications document.
>

That sounds like a good approach.

-Wei


> I do not need to revisit the decisions recorded in every section of RFC
> 5280 all over again.
>
> Russ
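Added example (not from this thread, and not code by any of its participants) that makes the rfc822Name loophole concrete: the same local-part written in NFC and in NFD is two different byte strings, so a verifier that compares raw bytes treats them as different identities, while one that normalizes first does not. The choice of NFC for the local-part and the use of Python's idna codec for the domain part are assumptions for illustration, not anything RFC 5280 mandates.

```python
"""Constructed demonstration of why an unnormalized rfc822Name local-part
matters: NFC and NFD spellings of the same mailbox differ byte-for-byte."""
import unicodedata


def split_mailbox(addr: str):
    # rfc822Name is "local-part@domain"; split on the last '@' so a quoted
    # local-part that itself contains '@' still splits correctly.
    local, _, domain = addr.rpartition("@")
    if not local or not domain:
        raise ValueError("not a mailbox: %r" % addr)
    return local, domain


def raw_match(a: str, b: str) -> bool:
    # Byte-for-byte comparison of the UTF-8 encodings, which is what a
    # verifier that applies no normalization effectively does.
    return a.encode("utf-8") == b.encode("utf-8")


def normalized_match(a: str, b: str) -> bool:
    # Local-part: NFC-normalize both sides (assumed policy) and compare
    # exactly; case is deliberately preserved, since only the receiving
    # mail system owns local-part case rules.
    # Domain: lowercase and convert to A-labels with the idna codec so a
    # U-label and its punycode form compare equal (the IDN handling the
    # thread says s7 of RFC 5280 already covers).
    la, da = split_mailbox(a)
    lb, db = split_mailbox(b)
    la = unicodedata.normalize("NFC", la)
    lb = unicodedata.normalize("NFC", lb)
    da = da.lower().encode("idna")
    db = db.lower().encode("idna")
    return la == lb and da == db


# Constructed sample: one mailbox, local-part in NFC and in NFD.
NFC_NAME = "r\u00e9sum\u00e9@example.com"    # e-acute as U+00E9
NFD_NAME = "re\u0301sume\u0301@example.com"  # 'e' followed by U+0301

if __name__ == "__main__":
    print("raw bytes equal:   ", raw_match(NFC_NAME, NFD_NAME))
    print("normalized equal:  ", normalized_match(NFC_NAME, NFD_NAME))
```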