[precis] [Fwd: [pkix] IDNA2008 and PKIX certificates]

Nikos Mavrogiannopoulos <nmav@redhat.com> Wed, 23 November 2016 15:19 UTC

Message-ID: <1479914378.2765.2.camel@redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: precis@ietf.org
Date: Wed, 23 Nov 2016 16:19:38 +0100
References: <1479808931.31825.10.camel@redhat.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/precis/xNq9skelj2TEw3z_2mEaCXPmqfw>
List-Id: Preparation and Comparison of Internationalized Strings <precis.ietf.org>

Hi,
 I originally sent the attached message to the pkix list. It seems that
PKIX (X.509) certificates are currently stuck with IDNA2003, making the
HTTPS situation quite confusing, since most browsers and registrars use
IDNA2008 for DNS. Is there any suggestion on how this situation can be
addressed?

regards,
Nikos
--- Begin Message ---
Hi,
 RFC5280 and its update (6818) reference IDNA2003 (rfc3490) for
storing internationalized DNS names. However, IDNA2003 is already
an obsolete standard (it seems it was already deprecated when RFC6818 was
published [0]) and in practice phased out. What is the current best
practice on internationalized names with certificates?

Is it to transparently switch to IDNA2008 (rfc5890), and let software
figure out the reverse mappings to UTF-8 somehow?

Or is it to store UTF-8 DNS names in the certificate, and let the software
comparing DNS names do any mapping it deems necessary prior to
comparison?

regards,
Nikos

[0]. https://www.ietf.org/mail-archive/web/pkix/current/msg28386.html

--- End Message ---
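
The mismatch described in the message above, as an added example that is not part of the original post: it converts the same host name under IDNA2003 and under an IDNA2008-style conversion, then checks whether a client using the latter accepts a certificate whose dNSName was produced with the former. Assumptions: the host names are constructed samples, all function names are hypothetical, and the IDNA2008 conversion is a simplified stand-in (NFC, lowercasing and Punycode only, without the validity checks of RFC 5891).

```python
import unicodedata

def to_alabel_idna2003(name: str) -> str:
    # Python's built-in "idna" codec implements RFC 3490 (IDNA2003) ToASCII,
    # including the nameprep mapping step.
    return name.encode("idna").decode("ascii")

def to_alabel_idna2008_simplified(name: str) -> str:
    # Assumption: simplified stand-in for an RFC 5890/5891 conversion.
    # Applies NFC and lowercasing, then Punycode-encodes non-ASCII labels.
    # It does NOT perform the PVALID, CONTEXTJ/CONTEXTO or Bidi checks that
    # a real IDNA2008 implementation must apply.
    labels = []
    for label in unicodedata.normalize("NFC", name).lower().split("."):
        if label.isascii():
            labels.append(label)
        else:
            labels.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(labels)

def san_matches(cert_dnsnames, host, to_alabel) -> bool:
    # Exact, case-insensitive comparison of the converted host against the
    # certificate's dNSName values (wildcards are out of scope here).
    wanted = to_alabel(host).lower()
    return any(name.lower() == wanted for name in cert_dnsnames)

# Constructed sample host names: one where both standards agree, one where
# IDNA2003 maps a character that IDNA2008 keeps.
HOSTS = ["bücher.example", "faß.example"]

def compare(hosts=HOSTS):
    rows = []
    for host in hosts:
        old = to_alabel_idna2003(host)
        new = to_alabel_idna2008_simplified(host)
        cert_2003 = [old]  # dNSName as an IDNA2003-based issuer would store it
        rows.append({
            "host": host,
            "idna2003": old,
            "idna2008": new,
            "idna2008_client_accepts_idna2003_cert":
                san_matches(cert_2003, host, to_alabel_idna2008_simplified),
        })
    return rows

if __name__ == "__main__":
    for row in compare():
        print(row)
```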