Hello,

Apologies for not flagging this sooner, but I did want to raise this while a revised I-D is needed for addressing IP-IDs so perhaps this could be addressed as well.

Section 7.2 [1] contains the following guidance:

"Allowing internationalized domain names can lead to visually similar characters, also referred to as "confusables", being included within certificates. For discussion, see for example [IDNA-DEFS <https://www.ietf.org/archive/id/draft-ietf-uta-rfc6125bis-07.html#IDNA-DEFS>], Section 4.4 <https://rfc-editor.org/rfc/rfc5890#section-4.4> and [UTS-39 <https://www.ietf.org/archive/id/draft-ietf-uta-rfc6125bis-07.html#UTS-39>]."

This document obsoletes the use of CN-IDs which may contain U-Labels as a source of presented identifiers. All types of identifiers specified in the document (DNS-ID, SRV-ID, and URI-ID) will have IDNs encoded as A-labels in certificates due to the limited character repertoire of IA5String, so it is not possible to encode the U-label representation of IDNs in the SAN for these types.

Given this, I'm unsure of the value of having this consideration included, especially since the document describes an automated process of matching identifiers where the presence of "confusables" in the U-label representation of such identifiers has no bearing. Unless I'm missing something, I think this consideration should be removed.

Thanks,
Corey

[1] https://www.ietf.org/archive/id/draft-ietf-uta-rfc6125bis-07.html#section-7.2
_______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
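The A-label matching discussed in the message above, as an added example that is not part of the original e-mail or of the draft. It assumes Python's built-in `idna` codec (IDNA2003) as a stand-in for IDNA processing and exact, case-insensitive comparison with no wildcard handling; the function names and sample domains are constructed for illustration.

```python
from typing import List

# Constructed sample names: the second starts with CYRILLIC SMALL LETTER A
# (U+0430), which renders like LATIN SMALL LETTER A in many fonts.
LATIN_NAME = "apple.example"
CONFUSABLE_NAME = "\u0430pple.example"


def fits_ia5string(value: str) -> bool:
    """IA5String carries 7-bit characters only, so a U-label cannot be stored."""
    return all(ord(ch) < 0x80 for ch in value)


def to_a_label(domain: str) -> str:
    """Convert each label to its A-label (xn--...) form, lowercased.

    Assumption: the built-in IDNA2003 codec is close enough to show the
    principle; production code would use an IDNA2008 implementation.
    """
    return domain.encode("idna").decode("ascii").lower()


def dns_id_matches(reference: str, presented_dns_ids: List[str]) -> bool:
    """Compare the reference identifier with presented DNS-IDs as A-labels.

    The comparison is on ASCII bytes, so how the U-label form looks when
    rendered plays no part in the result.
    """
    ref = to_a_label(reference)
    return any(ref == presented.lower() for presented in presented_dns_ids)


def demo() -> dict:
    # A certificate (constructed) whose SAN holds the confusable name's A-label.
    san = [to_a_label(CONFUSABLE_NAME)]
    return {
        "u_label_fits_ia5": fits_ia5string(CONFUSABLE_NAME),
        "a_label_fits_ia5": fits_ia5string(san[0]),
        "latin_ref_matches": dns_id_matches(LATIN_NAME, san),
        "confusable_ref_matches": dns_id_matches(CONFUSABLE_NAME, san),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The two names differ as soon as they are in A-label form, so a client whose reference identifier is the Latin name does not match a certificate issued for the look-alike.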