Re: [pkix] [apps-discuss] character repertoire for fragment identifiers
Sam Ruby <rubys@intertwingly.net> Sun, 11 January 2015 22:24 UTC
Return-Path: <rubys@intertwingly.net>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1948D1A87C3 for <pkix@ietfa.amsl.com>; Sun, 11 Jan 2015 14:24:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nGFe-irEN42d for <pkix@ietfa.amsl.com>; Sun, 11 Jan 2015 14:24:08 -0800 (PST)
Received: from cdptpa-oedge-vip.email.rr.com (cdptpa-outbound-snat.email.rr.com [107.14.166.227]) by ietfa.amsl.com (Postfix) with ESMTP id 29E221A1AFA for <pkix@ietf.org>; Sun, 11 Jan 2015 14:24:08 -0800 (PST)
Received: from [98.27.51.253] ([98.27.51.253:5734] helo=rubix) by cdptpa-oedge02 (envelope-from <rubys@intertwingly.net>) (ecelerity 3.5.0.35861 r(Momo-dev:tip)) with ESMTP id 92/72-23646-708F2B45; Sun, 11 Jan 2015 22:24:07 +0000
Received: from [192.168.1.102] (unknown [192.168.1.102]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: rubys) by rubix (Postfix) with ESMTPSA id 74802140C4E; Sun, 11 Jan 2015 17:24:07 -0500 (EST)
Message-ID: <54B2F806.2090509@intertwingly.net>
Date: Sun, 11 Jan 2015 17:24:06 -0500
From: Sam Ruby <rubys@intertwingly.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: Sean Leonard <dev+ietf@seantek.com>
References: <20140926010029.26660.82167.idtracker@ietfa.amsl.com> <CACweHNBEYRFAuw9-vfeyd_wf703cvM3ykZoRMqAokRFYG_O7hQ@mail.gmail.com> <DM2PR0201MB09602B351692D424A49C6B0DC3650@DM2PR0201MB0960.namprd02.prod.outlook.com> <CACweHNBN_Bv=jeXQ_VwXi2HzHKNEwZJ1NiF-BJJo_9-mhO60gQ@mail.gmail.com> <54A557E1.6050502@intertwingly.net> <CACweHNCQZg1U1u8U=-f6h0+BPnp6Wr_T=r_wGiPAbhTbuMCGWQ@mail.gmail.com> <54A94109.5010901@intertwingly.net> <00cf01d02cc7$d5dba4c0$4001a8c0@gateway.2wire.net> <54B16C2B.9050604@seantek.com> <54B17BBE.4000900@intertwingly.net> <54B18B61.8010308@seantek.com> <54B19435.8070401@intertwingly.net> <54B1B211.3050807@seantek.com> <54B1B682.3070609@intertwingly.net> <54B28E0F.8070306@gmx.de> <54B2936B.7030805@intertwingly.net> <05AD7DE2-1C54-45CD-B33A-13766D771E57@mnot.net> <54B2A2CD.5080502@gmx.de> <1A5BBD25-FEBD-49B1-9EFB-4EF8877BF0E7@mnot.net> <54B2A4F9.2070909@gmx.de> <54B2A894.4020201@intertwingly.net> <54B2F4C3.5020008@seantek.com>
In-Reply-To: <54B2F4C3.5020008@seantek.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-RR-Connecting-IP: 107.14.168.130:25
X-Cloudmark-Score: 0
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/hkLBlMgFNyvt6nbweSwz2p6eHvQ>
X-Mailman-Approved-At: Mon, 12 Jan 2015 07:56:06 -0800
Cc: "pkix@ietf.org" <pkix@ietf.org>, apps-discuss@ietf.org
Subject: Re: [pkix] [apps-discuss] character repertoire for fragment identifiers
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Jan 2015 22:24:11 -0000
On 01/11/2015 05:10 PM, Sean Leonard wrote: > > I fully agree with Julian on the matter of US-ASCII for URIs. URIs (RFC > 3986) are only made of US-ASCII characters. > > If someone wishes to extend URIs (as opposed to IRIs or whatever) to > include non-US-ASCII characters, that's a problem for web browsers and > all other Internet software alike. This goes exactly to my point about > protocol slots. > > Certificates, CRLs, and other security objects are just as fundamentally > a part of the Web (and web browser) infrastructure as HTML. In > X.509/PKIX security objects, the GeneralName uniformResourceIdentifier > construct is US-ASCII only (IA5String). If you extend "URIs" to be > beyond US-ASCII, RFC 5280 has to be updated...and all the security > libraries that depend upon it. Just because HTML(5) can be served as > UTF-8 or use & encoding or whatever, doesn't make the problem go away. > > Does the URL Interop test-results explicitly test for certificates? I > suggest attempting to put some non-US-ASCII characters in a GeneralName > protocol slot (say, for revocation) and see what happens. The topic is character repertoire for fragment identifiers, not schemes. I am not suggesting that we allow non-US-ASCII protocols. I am willing to accept that GeneralName's that are expressed in the form of a URI must be ASCII-only. The next question is: are all possible URIs valid GeneralNames? Here are two examples: data:image/gif;base64,R0lGODlhyAAiALM...DfD0QAADs= https://www.ietf.org/#related Are both valid GeneralNames? If not, why not? - Sam Ruby
- Re: [pkix] [apps-discuss] character repertoire fo… Sean Leonard
- Re: [pkix] [apps-discuss] character repertoire fo… Sean Leonard
- Re: [pkix] [apps-discuss] character repertoire fo… Sam Ruby
- Re: [pkix] [apps-discuss] character repertoire fo… Sam Ruby
- Re: [pkix] [apps-discuss] character repertoire fo… Martin J. Dürst
- Re: [pkix] [apps-discuss] character repertoire fo… Nico Williams
- Re: [pkix] [apps-discuss] character repertoire fo… Martin J. Dürst
- Re: [pkix] [apps-discuss] character repertoire fo… Graham Klyne