Re: [pkix] [smime] Support for email address internationalization in RFC5280 certificates

George Michaelson <ggm@algebras.org> Wed, 06 April 2016 09:32 UTC

Date: Wed, 06 Apr 2016 06:32:38 -0300
Message-ID: <CAKr6gn1Ou3cweepLVE7TgCH5F3fjA5Rrtfcr0Rq7tUoa9-ia4w@mail.gmail.com>
From: George Michaelson <ggm@algebras.org>
To: Dr Stephen Henson <lists@drh-consultancy.co.uk>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/ei6ANJ8nkwaobC2q88KKvlXQIFk>
Cc: IETF PKIX <pkix@ietf.org>, IETF SMIME <smime@ietf.org>
Subject: Re: [pkix] [smime] Support for email address internationalization in RFC5280 certificates

Oh, if it's not the *default* that's much better. I had assumed from how
the problem presented this was because of default settings, but if we
shot ourselves in the foot by selecting this mode, then there isn't an
issue.

Thanks for the clarification, Stephen.

-George

On Tue, Apr 5, 2016 at 8:53 PM, Dr Stephen Henson
<lists@drh-consultancy.co.uk> wrote:
> On 05/04/2016 22:02, George Michaelson wrote:
>> IIRC OpenSSL chooses the most compact syntactically acceptable ASN.1
>> alphabet to represent strings. So, if your labels fit in IA5String,
>> that's what it is. But if tomorrow you re-issue and they no longer fit,
>> then it promotes to the next minimally correct ASN.1 alphabet.
>>
>
> It can do that if it is configured to do so and the API is used with appropriate
> flags. However that is not mandatory behaviour and if you don't want that you
> don't have to use it.
>
> Steve.
> --
> Dr Stephen N. Henson.
> Core developer of the   OpenSSL project: http://www.openssl.org/
> Freelance consultant see: http://www.drh-consultancy.co.uk/
> Email: shenson@drh-consultancy.co.uk, PGP key: via homepage.
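
The type promotion discussed in this thread, as an added example that is not part of either message and is not OpenSSL code: a small Python model that picks the narrowest permitted ASN.1 string type for a value and shows how the DER tag changes on re-issuance unless the type is pinned. The preference order, the policy names `PROMOTE` and `UTF8_ONLY`, and the sample names are assumptions made for illustration.

```python
# Added illustration (a model, not OpenSSL source): choose the narrowest
# permitted ASN.1 string type for a value and emit its DER encoding.
import string

# Universal tag numbers (X.680) for the string types modelled here.
TAGS = {"PrintableString": 0x13, "IA5String": 0x16,
        "BMPString": 0x1E, "UTF8String": 0x0C}
ORDER = ("PrintableString", "IA5String", "BMPString", "UTF8String")  # assumed order
PRINTABLE = set(string.ascii_letters + string.digits + " '()+,-./:=?")
PROMOTE = frozenset(ORDER)               # "most compact type that fits" policy
UTF8_ONLY = frozenset({"UTF8String"})    # type pinned regardless of content


def narrowest_type(text, allowed):
    """Return the first type in ORDER that is allowed and can hold text."""
    fits = {
        "PrintableString": all(c in PRINTABLE for c in text),
        "IA5String": all(ord(c) < 0x80 for c in text),
        "BMPString": all(ord(c) <= 0xFFFF and not 0xD800 <= ord(c) <= 0xDFFF
                         for c in text),
        "UTF8String": True,
    }
    for name in ORDER:
        if name in allowed and fits[name]:
            return name
    raise ValueError("no permitted string type can hold this value")


def der_string(text, allowed):
    """DER-encode text as tag, short-form length, contents."""
    name = narrowest_type(text, allowed)
    codec = {"BMPString": "utf-16-be", "UTF8String": "utf-8"}.get(name, "ascii")
    body = text.encode(codec)
    if len(body) > 127:
        raise ValueError("this model only handles short-form lengths")
    return bytes([TAGS[name], len(body)]) + body


def reissue_changes_type(old, new, allowed):
    """True if re-issuing with a new value changes the encoded string type."""
    return narrowest_type(old, allowed) != narrowest_type(new, allowed)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real certificate.
    for value in ("Example Org", "user@example.com", "Ex\u00e4mple Org"):
        for label, policy in (("promote", PROMOTE), ("utf8only", UTF8_ONLY)):
            print(f"{value!r:22} {label:9} {narrowest_type(value, policy):16}"
                  f" {der_string(value, policy).hex()}")
```

Under the promote policy the same field moves from tag 0x13 to 0x1E once a non-ASCII character appears, so any consumer that compares the encoded value byte for byte sees a different name; under the pinned policy the tag stays 0x0C.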