[pkix] IDNA2008 and PKIX certificates
Nikos Mavrogiannopoulos <nmav@redhat.com> Tue, 22 November 2016 10:02 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/tqExjIhAUNtDqZlpe8UGJpjAgq4>
Hi,

RFC5280 and its update (6818) reference IDNA2003 (rfc3490) for storing internationalized DNS names. However, IDNA2003 is already an obsolete standard (it seems it was already deprecated when RFC6818 was published [0]) and in practice phased out.

What is the current best practice on internationalized names with certificates? Is it to transparently switch to IDNA2008 (rfc5890), and let software figure out the reverse mappings to utf8 somehow? Or is it to store UTF-8 DNS names on the certificate, and let the software comparing DNS names do any mapping it deems necessary prior to comparison?

regards,
Nikos

[0]. https://www.ietf.org/mail-archive/web/pkix/current/msg28386.html