Re: [pkix] [smime] Support for email address internationalization in RFC5280 certificates

Dr Stephen Henson <lists@drh-consultancy.co.uk> Tue, 05 April 2016 23:54 UTC

To: George Michaelson <ggm@algebras.org>, IETF PKIX <pkix@ietf.org>
From: Dr Stephen Henson <lists@drh-consultancy.co.uk>
Message-ID: <57045015.9010103@drh-consultancy.co.uk>
Date: Wed, 06 Apr 2016 00:53:57 +0100
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/pveO1a1IO3R-9SxVBCxi5Va4kF4>
Cc: IETF SMIME <smime@ietf.org>

On 05/04/2016 22:02, George Michaelson wrote:
> IIRC OpenSSL chooses the most compact syntactically acceptable ASN.1
> alphabet to represent strings. So, if your labels fit in IA5String,
> that's what it is. But if tomorrow you re-issue and they no longer fit,
> then it promotes to the next minimally correct ASN.1 alphabet.
> 

It can do that if it is configured to do so and the API is used with appropriate
flags. However that is not mandatory behaviour and if you don't want that you
don't have to use it.

Steve.
-- 
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.co.uk/
Email: shenson@drh-consultancy.co.uk, PGP key: via homepage.
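
The selection behaviour discussed in this exchange, as an added example that is not part of the original message and is not OpenSSL code: a simplified Python model of choosing the most compact ASN.1 string type that fits a value, restricted by a mask of permitted types. The type names, the preference order, the `allowed` mask and the sample addresses are assumptions of this model.

```python
import string
from enum import Flag, auto

class StrType(Flag):
    PRINTABLE = auto()   # PrintableString
    IA5 = auto()         # IA5String (7-bit ASCII)
    T61 = auto()         # T61String, treated here as 8-bit
    BMP = auto()         # BMPString (16-bit code points)
    UNIVERSAL = auto()   # UniversalString (32-bit code points)
    UTF8 = auto()        # UTF8String

# Most compact first; this order is an assumption of the model.
PREFERENCE = [StrType.PRINTABLE, StrType.IA5, StrType.T61,
              StrType.BMP, StrType.UNIVERSAL, StrType.UTF8]
ALL_TYPES = StrType(0)
for _t in PREFERENCE:
    ALL_TYPES |= _t
UTF8_ONLY = StrType.UTF8  # a mask that disables promotion entirely

PRINTABLE_CHARS = set(string.ascii_letters + string.digits + " '()+,-./:=?")

def types_that_fit(text):
    """Return every string type whose alphabet can hold `text`."""
    top = max(map(ord, text), default=0)
    fit = StrType.UNIVERSAL | StrType.UTF8
    if all(c in PRINTABLE_CHARS for c in text):
        fit |= StrType.PRINTABLE
    if top <= 0x7F:
        fit |= StrType.IA5
    if top <= 0xFF:
        fit |= StrType.T61
    if top <= 0xFFFF:
        fit |= StrType.BMP
    return fit

def choose_type(text, allowed=ALL_TYPES):
    """Pick the first preferred type that both fits and is permitted."""
    candidates = types_that_fit(text) & allowed
    for t in PREFERENCE:
        if t in candidates:
            return t
    raise ValueError("no permitted string type can hold this value")

def reissue_changes_type(old, new, allowed=ALL_TYPES):
    """True when re-issuing with `new` would change the encoded string type."""
    return choose_type(old, allowed) != choose_type(new, allowed)

if __name__ == "__main__":
    for label in ["example.com", "user@example.com", "用户@example.com"]:
        print(label, choose_type(label).name, choose_type(label, UTF8_ONLY).name)
```

With all types permitted, the constructed re-issue from `user@example.com` to `用户@example.com` moves from IA5 to BMP in this model; with the mask restricted to UTF8 the type stays fixed, so comparisons that depend on the encoded bytes do not break on re-issue.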