Re: [Spasm] comments on draft-ietf-pkix-eai-addresses-01
"Jim Schaad" <ietf@augustcellars.com> Thu, 16 June 2016 17:34 UTC
From: Jim Schaad <ietf@augustcellars.com>
To: 'Sean Leonard' <dev+ietf@seantek.com>, spasm@ietf.org
Date: Thu, 16 Jun 2016 10:34:10 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/IPkj-B4mZ24soxBSHxpMWhYfQ6c>

> -----Original Message-----
> From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Sean Leonard
> Sent: Thursday, June 16, 2016 6:32 AM
> To: spasm@ietf.org
> Subject: Re: [Spasm] comments on draft-ietf-pkix-eai-addresses-01
>
> A few additional points popped out at me:
>
> Currently, draft-melnikov-spasm-eai-addresses-01 does not restrict out plain
> (ASCII-only) e-mail addresses. This means that ASCII-only e-mail addresses can
> be "hidden" from implementations that don't support this new eai method. I am
> not in favor of this. The text is not really clear about whether
> non-internationalized email addresses are allowed in eaiName. It should be clear in
> saying that eaiName is restricted to internationalized email addresses, i.e.,
> where there is at least one character beyond the ASCII range in the local-part.
> Email addresses that are limited to ASCII in the local-part MUST be encoded in
> rfc822Name only.
>
> Can the ASN.1 reflect this with an appropriate string restriction?

Almost nobody implements it but it would be

    eaiName ::= UTF8String (SIZE(1..MAX)) (PATTERN [^!-}]*)

The pattern can probably be improved if one has a better sense of what characters are permitted in an email address. This one just says don't allow for any string which consists of just these characters. This is probably a case where you do not care if the pattern matches too many items as one would not care if you matched things which were not email addresses.

Jim

>
> The comparison algorithm is convoluted. There will be implementations that
> don't bother with the convoluted algorithm, and running the convoluted
> algorithm over thousands or hundreds of millions of certificates is going to have
> a meaningful impact on performance. It's better to put the address in a form
> that is amenable to octet-by-octet comparison. This argues in favor of requiring
> the domain name to be in U-labels instead of A-labels, and to normalize case (to
> lowercase) for characters in the ASCII range.
>
> Sean
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
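
The two rules proposed in this thread, sketched as an added example (not code from the draft or from either poster): choose eaiName only when the local-part contains a non-ASCII character, and store the domain as lowercased U-labels so that matching becomes a plain octet comparison. The function names and sample addresses are constructed for illustration; the sketch assumes Python's standard `idna` codec (IDNA 2003) for A-label decoding and leaves the local-part untouched.

```python
def split_address(addr):
    """Split on the last '@'; reject strings without both parts."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not a mailbox: %r" % addr)
    return local, domain

def san_field(addr):
    """Proposed rule: eaiName only if the local-part has at least one
    character beyond ASCII; otherwise the address belongs in rfc822Name."""
    local, _ = split_address(addr)
    return "rfc822Name" if local.isascii() else "eaiName"

def lower_ascii(s):
    """Lowercase only characters in the ASCII range."""
    return "".join(c.lower() if c.isascii() else c for c in s)

def to_u_labels(domain):
    """Turn A-labels (xn--...) into U-labels and lowercase ASCII."""
    labels = []
    for label in domain.split("."):
        label = lower_ascii(label)
        if label.startswith("xn--"):
            # Assumption: stdlib IDNA 2003 codec stands in for the
            # conversion an implementation of the draft would use.
            label = label.encode("ascii").decode("idna")
        labels.append(label)
    return ".".join(labels)

def canonical_octets(addr):
    """UTF-8 octets of the stored form; equality is then bytes ==."""
    local, domain = split_address(addr)
    return (local + "@" + to_u_labels(domain)).encode("utf-8")

# Constructed sample addresses, not taken from the thread.
SAMPLES = [
    "alice@example.com",             # ASCII only
    "alice@bücher.example",          # ASCII local-part, IDN domain
    "用户@example.com",               # non-ASCII local-part
    "jürgen@xn--bcher-kva.example",  # A-label domain
    "jürgen@Bücher.EXAMPLE",         # same mailbox, U-label, mixed case
]

if __name__ == "__main__":
    for a in SAMPLES:
        print(san_field(a), canonical_octets(a))
```

An address with an ASCII local-part and an internationalized domain still maps to rfc822Name under this rule, which is the "hidden address" case the quoted message wants to exclude from eaiName.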