RE: Last Call summary for draft-ietf-pkix-cert-utf8

["Stefan Santesson" <stefans@microsoft.com>]

I'm fine with this text.

I would oppose inclusion of requirements on the CA regarding name
assignments of reasons stated in the thread.


Stefan Santesson
Program Manager, Standards Liaison
Windows Security


> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org
[mailto:owner-ietf-pkix@mail.imc.org]
> On Behalf Of Russ Housley
> Sent: den 13 april 2006 18:11
> To: Ted Hardie
> Cc: iesg@ietf.org; ietf-pkix@imc.org
> Subject: RE: Last Call summary for draft-ietf-pkix-cert-utf8
> 
> 
> Ted:
> 
> Thanks for the improved text.  Here it is all put together:
> 
>     When strings are mapped from internal representations to visual
> representations,
>     sometimes two different strings will have the same or similar
> visual representations.
>     This can happen for many different reasons, including use of
> similar glyphs and
>     use of composed characters (such as e + ' equaling U+00E9, the
Korean
>     composed characters, and vowels above consonant clusters in
> certain languages).
>     As a result of this situation, people doing visual comparisons
between
> two
>     different names may think they are the same when in fact they are
> not.  Also,
>     people may mistake one string for another.  Issuers of
> certificates and relying
>     parties both need to be aware of this situation.
> 
> This does not impose any untestable requirements.  Any concerns with
this
> text?
> 
> Russ
> 
> At 11:05 AM 4/13/2006, you wrote:
> >At 10:32 AM -0400 4/13/06, Russ Housley wrote:
> > >I suggest the following.  I think it adds the concept of "similar
> looking."
> > >
> > >   When strings are mapped from internal representations to visual
> > representations,
> > >   sometimes two different strings will have the same or similar
> > visual representations.
> > >   This can happen for many different reasons, including use of
> > similar glyphs and
> > >   multiple items being combined into a single glyph.
> >
> >"Multiple items being combined into a single glyph" sounds like you
mean
> >"the use of composed characters" (e + ' equaling U+00E9, the Korean
> composed
> >characters, vowels above consonant clusters in certain
> >languages).  Each of the
> >cases in which that occurs  has a raft of different instances, each
> >with their own
> >tricky bits.  If that is what you mean, I'd suggest using that
> >phrasing, as it is a
> >more recognized term of art.   If you mean something else, I don't
think
> I'm
> >clear on what exactly you mean.
> >                                 Ted
> >
> >
> >
> >
> > >As a result of this situation,
> > >   people doing visual comparisons between two different names may
> > think they are
> > >   the same when in fact they are not.  Also, people may mistake
> > one string for
> > >   another.  Issuers of certificates and relying parties both need
> > to be aware of
> > >   this situation.
> > >
> > >This does not impose any untestable requirements.  Any concerns
> > with this text?
> > >
> > >Russ
> > >
> > >
> > >At 07:36 AM 4/13/2006, Santosh Chokhani wrote:
> > >>When strings are mapped from internal representations to visual
> > >>representations, sometimes two different strings will have
> > >>the same visual representations.  This can happen due to similar
> glyphs,
> > >>multiple items being combined into a single glyph among other
reasons.
> > >>When
> > >>this happens people doing visual comparisons between two different
> names
> > >>may
> > >>think they are the same when in fact they are not.  Also, people
may
> > >>mistake one string for another.  Issuers of certificates and
relying
> > >>parties both need to be aware of these facts.