Re: [Spasm] comments on draft-ietf-pkix-eai-addresses-01
Sean Leonard <dev+ietf@seantek.com> Thu, 16 June 2016 13:31 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Gh3YivqTPE7sSk2ROyPPijqKuTY>
A few additional points popped out at me:

Currently, draft-melnikov-spasm-eai-addresses-01 does not restrict out plain (ASCII-only) e-mail addresses. This means that ASCII-only e-mail addresses can be "hidden" from implementations that don't support this new eai method. I am not in favor of this.

The text is not really clear about whether non-internationalized email addresses are allowed in eaiName. It should be clear in saying that eaiName is restricted to internationalized email addresses, i.e., where there is at least one character beyond the ASCII range in the local-part. Email addresses that are limited to ASCII in the local-part MUST be encoded in rfc822Name only. Can the ASN.1 reflect this with an appropriate string restriction?

The comparison algorithm is convoluted. There will be implementations that don't bother with the convoluted algorithm, and running the convoluted algorithm over thousands or hundreds of millions of certificates is going to have a meaningful impact on performance. It's better to put the address in a form that is amenable to octet-by-octet comparison. This argues in favor of requiring the domain name to be in U-labels instead of A-labels, and to normalize case (to lowercase) for characters in the ASCII range.

Sean
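The following sketch is an added example, not part of the original message or of the draft: it shows the name-form rule and the octet-comparable canonical form proposed above. The function names are hypothetical; it assumes ASCII lowercasing applies to the domain only (the local-part is left untouched) and uses Python's built-in `punycode` codec to turn A-labels into U-labels without any further IDNA validity checks.

```python
import string

# Lowercase only A-Z; characters outside the ASCII range are left as they are.
_ASCII_LOWER = str.maketrans(string.ascii_uppercase, string.ascii_lowercase)


def name_form(addr):
    """Pick the GeneralName form: eaiName only when the local-part has non-ASCII."""
    local, _, _ = addr.rpartition("@")
    return "eaiName" if any(ord(c) > 0x7F for c in local) else "rfc822Name"


def to_u_label(label):
    """Lowercase ASCII, then convert an A-label (xn--...) to its U-label."""
    label = label.translate(_ASCII_LOWER)
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def canonical_octets(addr):
    """Return the UTF-8 octets of local-part@domain with a U-label domain."""
    local, at, domain = addr.rpartition("@")
    if not (local and at and domain):
        raise ValueError("expected local-part@domain")
    u_domain = ".".join(to_u_label(part) for part in domain.split("."))
    return f"{local}@{u_domain}".encode("utf-8")


def same_mailbox(a, b):
    """Octet-by-octet comparison once both sides are in canonical form."""
    return canonical_octets(a) == canonical_octets(b)


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the draft or the thread.
    for addr in ("用户@XN--BCHER-KVA.Example", "用户@bücher.example",
                 "user@Example.COM"):
        print(name_form(addr), canonical_octets(addr))
```

If certificates carried the canonical form directly, as the message argues, a relying party would only need the final byte comparison and none of the conversion steps.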