draft-ietf-lamps-eai-addresses-14.txt | draft-ietf-lamps-eai-addresses-15.txt | |||
---|---|---|---|---|
LAMPS A. Melnikov, Ed. | LAMPS A. Melnikov, Ed. | |||
Internet-Draft Isode Ltd | Internet-Draft Isode Ltd | |||
Intended status: Standards Track W. Chuang, Ed. | Intended status: Standards Track W. Chuang, Ed. | |||
Expires: March 7, 2018 Google, Inc. | Expires: March 16, 2018 Google, Inc. | |||
September 3, 2017 | September 12, 2017 | |||
Internationalized Email Addresses in X.509 certificates | Internationalized Email Addresses in X.509 certificates | |||
draft-ietf-lamps-eai-addresses-14 | draft-ietf-lamps-eai-addresses-15 | |||
Abstract | Abstract | |||
This document defines a new name form for inclusion in the otherName | This document defines a new name form for inclusion in the otherName | |||
field of an X.509 Subject Alternative Name and Issuer Alternative | field of an X.509 Subject Alternative Name and Issuer Alternative | |||
Name extension that allows a certificate subject to be associated | Name extension that allows a certificate subject to be associated | |||
with an Internationalized Email Address. | with an Internationalized Email Address. | |||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on March 7, 2018. | This Internet-Draft will expire on March 16, 2018. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
described in the Simplified BSD License. | described in the Simplified BSD License. | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
2. Conventions Used in This Document . . . . . . . . . . . . . . 2 | 2. Conventions Used in This Document . . . . . . . . . . . . . . 2 | |||
3. Name Definitions . . . . . . . . . . . . . . . . . . . . . . 2 | 3. Name Definitions . . . . . . . . . . . . . . . . . . . . . . 2 | |||
4. IDNA2008 . . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 4. IDNA2008 . . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
5. Matching of Internationalized Email Addresses in X.509 | 5. Matching of Internationalized Email Addresses in X.509 | |||
certificates . . . . . . . . . . . . . . . . . . . . . . . . 4 | certificates . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
6. Name constraints in path validation . . . . . . . . . . . . . 5 | 6. Name constraints in path validation . . . . . . . . . . . . . 5 | |||
7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | |||
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | |||
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
9.1. Normative References . . . . . . . . . . . . . . . . . . 8 | 9.1. Normative References . . . . . . . . . . . . . . . . . . 8 | |||
9.2. Informative References . . . . . . . . . . . . . . . . . 9 | 9.2. Informative References . . . . . . . . . . . . . . . . . 9 | |||
Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 9 | Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 9 | |||
Appendix B. Example of SmtpUTF8Mailbox . . . . . . . . . . . . . 10 | Appendix B. Example of SmtpUTF8Mailbox . . . . . . . . . . . . . 10 | |||
Appendix C. Acknowledgements . . . . . . . . . . . . . . . . . . 11 | Appendix C. Acknowledgements . . . . . . . . . . . . . . . . . . 11 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
1. Introduction | 1. Introduction | |||
skipping to change at page 3, line 47 ¶ | skipping to change at page 3, line 47 ¶ | |||
Letters Digits Hyphen" and is the set of LDH labels that do not have | Letters Digits Hyphen" and is the set of LDH labels that do not have | |||
"--" characters in the third and forth character position, which | "--" characters in the third and forth character position, which | |||
excludes "tagged domain names" such as A-labels. Consistent with the | excludes "tagged domain names" such as A-labels. Consistent with the | |||
treatment of rfc822Name in [RFC5280], SmtpUTF8Mailbox is an envelope | treatment of rfc822Name in [RFC5280], SmtpUTF8Mailbox is an envelope | |||
<Mailbox> and has no phrase (such as a common name) before it, has no | <Mailbox> and has no phrase (such as a common name) before it, has no | |||
comment (text surrounded in parentheses) after it, and is not | comment (text surrounded in parentheses) after it, and is not | |||
surrounded by "<" and ">". | surrounded by "<" and ">". | |||
Due to operational reasons to be described shortly and name | Due to operational reasons to be described shortly and name | |||
constraint compatibility reasons described in Section 6, | constraint compatibility reasons described in Section 6, | |||
SmtpUTF8Mailbox subjectAltName MUST only be used when the local part | SmtpUTF8Mailbox subjectAltName MUST only be used when the local-part | |||
of the email address contains contains non-ASCII characters. When | of the email address contains non-ASCII characters. When the local- | |||
the local-part is ASCII, rfc822Name subjectAltName MUST be used | part is ASCII, rfc822Name subjectAltName MUST be used instead of | |||
instead of SmtpUTF8Mailbox. This is compatible with legacy software | SmtpUTF8Mailbox. This is compatible with legacy software that | |||
that supports only rfc822Name (and not SmtpUTF8Mailbox). | supports only rfc822Name (and not SmtpUTF8Mailbox). The appropriate | |||
usage of rfc822Name and SmtpUTF8Mailbox is summarized in Table 1 | ||||
below. | ||||
SmtpUTF8Mailbox is encoded as UTF8String. The UTF8String encoding | SmtpUTF8Mailbox is encoded as UTF8String. The UTF8String encoding | |||
MUST NOT contain a Byte-Order-Mark (BOM) [RFC3629] to aid | MUST NOT contain a Byte-Order-Mark (BOM) [RFC3629] to aid |||
consistency across implementations particularly for comparison. | consistency across implementations particularly for comparison. | |||
+-----------------+-------------+--------------+-----------------+ | ||||
| local-part char | domain char | domain label | subjectAltName | | ||||
+-----------------+-------------+--------------+-----------------+ | ||||
| ASCII-only | ASCII-only | NR-LDH label | rfc822Name | | ||||
| non-ASCII | ASCII-only | NR-LDH label | SmtpUTF8Mailbox | | ||||
| ASCII-only | non-ASCII | A-label | rfc822Name | | ||||
| non-ASCII | non-ASCII | U-label | SmtpUTF8Mailbox | | ||||
+-----------------+-------------+--------------+-----------------+ | ||||
non-ASCII may additionally include ASCII characters. | ||||
Table 1: Email address formatting | ||||
4. IDNA2008 | 4. IDNA2008 | |||
To facilitate comparison between email addresses, all email address | To facilitate comparison between email addresses, all email address | |||
domains in X.509 certificates MUST conform to IDNA2008 [RFC5890] (and | domains in X.509 certificates MUST conform to IDNA2008 [RFC5890] (and | |||
avoids any "mappings" mentioned in that document). Use of non- | avoids any "mappings" mentioned in that document). Use of non- | |||
conforming email address domains introduces the possibility of | conforming email address domains introduces the possibility of | |||
conversion errors between alternate forms. This applies to | conversion errors between alternate forms. This applies to | |||
SmtpUTF8Mailbox and rfc822Name in subjectAltName, issuerAltName and | SmtpUTF8Mailbox and rfc822Name in subjectAltName, issuerAltName and | |||
anywhere else that these are used. | anywhere else that these are used. | |||
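The selection rule of Section 3 (Table 1) and the no-mapping rule of Section 4 above, carried through in code as an added example; this is not code from the draft or from its authors. Given an envelope Mailbox it picks rfc822Name or SmtpUTF8Mailbox from the ASCII-ness of the local-part, converts the domain labels with raw Punycode (no IDNA2003-style mapping), and DER-encodes the resulting GeneralName. Assumptions: the object identifier 1.3.6.1.5.5.7.8.9 is the { id-on 9 } value assigned in the published RFC 8398, not something stated on this page; Table 1 lists only U-labels and NR-LDH labels for SmtpUTF8Mailbox domains, so the example decodes any A-label it finds in that case, which is my reading of the table; and only the NFC requirement on U-labels is checked, because full IDNA2008 PVALID checking needs an IDNA2008 library such as the PyPI "idna" package.

```python
import unicodedata

# { id-on 9 } under the "PKIX Other Name Forms" arc 1.3.6.1.5.5.7.8 named in the
# draft; the value 9 is taken from the published RFC 8398 (assumption here).
ID_ON_SMTPUTF8MAILBOX = "1.3.6.1.5.5.7.8.9"


def check_nr_ldh(label):
    """Reject anything that is not an NR-LDH label: ASCII letters, digits and
    hyphen only, no leading or trailing hyphen, no "--" in positions 3 and 4."""
    ok = label != "" and label.isascii() and all(c.isalnum() or c == "-" for c in label)
    if not ok or label[0] == "-" or label[-1] == "-" or label[2:4] == "--":
        raise ValueError(f"not an NR-LDH label: {label!r}")


def u_to_a_label(label):
    """U-label -> A-label with raw Punycode and no mapping step.  Only NFC is
    checked; PVALID checking per IDNA2008 needs a dedicated library."""
    if unicodedata.normalize("NFC", label) != label:
        raise ValueError(f"U-label is not NFC: {label!r}")
    return "xn--" + label.encode("punycode").decode("ascii")


def a_to_u_label(label):
    """A-label -> U-label (raises if the Punycode body does not decode)."""
    return label[4:].encode("ascii").decode("punycode")


def choose_san(mailbox):
    """Return (subjectAltName type, value) for one envelope Mailbox per Table 1."""
    local, sep, domain = mailbox.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a Mailbox: {mailbox!r}")
    out = []
    if local.isascii():
        # rfc822Name: every domain label must be ASCII, so U-labels become A-labels
        for lab in domain.split("."):
            if not lab.isascii():
                out.append(u_to_a_label(lab))
            elif lab.lower().startswith("xn--"):
                a_to_u_label(lab)          # must decode, or it is not an A-label
                out.append(lab)
            else:
                check_nr_ldh(lab)
                out.append(lab)
        return "rfc822Name", f"{local}@{'.'.join(out)}"
    # SmtpUTF8Mailbox: domain carried as U-labels / NR-LDH labels (my reading of Table 1)
    for lab in domain.split("."):
        if not lab.isascii():
            u_to_a_label(lab)              # validates NFC, result discarded
            out.append(lab)
        elif lab.lower().startswith("xn--"):
            out.append(a_to_u_label(lab))
        else:
            check_nr_ldh(lab)
            out.append(lab)
    return "SmtpUTF8Mailbox", f"{local}@{'.'.join(out)}"


def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_tlv(tag, content):
    return bytes([tag]) + _der_len(len(content)) + content


def _der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return _der_tlv(0x06, bytes(body))


def general_name_der(kind, value):
    """DER-encode one RFC 5280 GeneralName for the chosen subjectAltName type."""
    if kind == "rfc822Name":
        return _der_tlv(0x81, value.encode("ascii"))      # [1] IMPLICIT IA5String
    utf8 = value.encode("utf-8")
    if utf8.startswith(b"\xef\xbb\xbf"):
        raise ValueError("SmtpUTF8Mailbox UTF8String MUST NOT carry a BOM")
    # otherName [0] IMPLICIT OtherName { type-id OID, value [0] EXPLICIT UTF8String }
    other_name = _der_oid(ID_ON_SMTPUTF8MAILBOX) + _der_tlv(0xA0, _der_tlv(0x0C, utf8))
    return _der_tlv(0xA0, other_name)


def mailbox_to_san_der(mailbox):
    kind, value = choose_san(mailbox)
    return general_name_der(kind, value)


if __name__ == "__main__":
    for addr in ("alice@example.com", "alice@bücher.example", "医生@example.com"):
        kind, value = choose_san(addr)
        print(f"{addr:24} -> {kind:16} {value:32} {mailbox_to_san_der(addr).hex()}")
```

The two SmtpUTF8Mailbox cases of Table 1 (rows two and four) both end up under the UTF8String branch, while an ASCII local-part with a non-ASCII domain (row three) is forced into rfc822Name with A-labels, which is what keeps such certificates usable by software that knows only rfc822Name. Because the Punycode codec is applied directly to the label, nothing is case-folded or width-mapped on the way in, so a domain that is not already in IDNA2008 form fails rather than being silently rewritten.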
skipping to change at page 8, line 17 ¶ | skipping to change at page 8, line 22 ¶ | |||
The SmtpUTF8Mailbox otherName in the "PKIX Other Name Forms" | The SmtpUTF8Mailbox otherName in the "PKIX Other Name Forms" | |||
registry (1.3.6.1.5.5.7.8). | registry (1.3.6.1.5.5.7.8). | |||
9. References | 9. References | |||
9.1. Normative References | 9.1. Normative References | |||
[ID-lamps-rfc5280-i18n-update] | [ID-lamps-rfc5280-i18n-update] | |||
Housley, R., "Internationalization Updates to RFC 5280", | Housley, R., "Internationalization Updates to RFC 5280", | |||
June 2017, <https://datatracker.ietf.org/doc/draft- | June 2017, <https://datatracker.ietf.org/doc/ | |||
housley-rfc5280-i18n-update/>. | draft-housley-rfc5280-i18n-update/>. | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, <https://www.rfc- | DOI 10.17487/RFC2119, March 1997, | |||
editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO | [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO | |||
10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November | 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November | |||
2003, <https://www.rfc-editor.org/info/rfc3629>. | 2003, <https://www.rfc-editor.org/info/rfc3629>. | |||
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax | [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax | |||
Specifications: ABNF", STD 68, RFC 5234, | Specifications: ABNF", STD 68, RFC 5234, | |||
DOI 10.17487/RFC5234, January 2008, <https://www.rfc- | DOI 10.17487/RFC5234, January 2008, | |||
editor.org/info/rfc5234>. | <https://www.rfc-editor.org/info/rfc5234>. | |||
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | |||
Housley, R., and W. Polk, "Internet X.509 Public Key | Housley, R., and W. Polk, "Internet X.509 Public Key | |||
Infrastructure Certificate and Certificate Revocation List | Infrastructure Certificate and Certificate Revocation List | |||
(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, | (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, | |||
<https://www.rfc-editor.org/info/rfc5280>. | <https://www.rfc-editor.org/info/rfc5280>. | |||
[RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, | [RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, | |||
DOI 10.17487/RFC5321, October 2008, <https://www.rfc- | DOI 10.17487/RFC5321, October 2008, | |||
editor.org/info/rfc5321>. | <https://www.rfc-editor.org/info/rfc5321>. | |||
[RFC5890] Klensin, J., "Internationalized Domain Names for | [RFC5890] Klensin, J., "Internationalized Domain Names for | |||
Applications (IDNA): Definitions and Document Framework", | Applications (IDNA): Definitions and Document Framework", | |||
RFC 5890, DOI 10.17487/RFC5890, August 2010, | RFC 5890, DOI 10.17487/RFC5890, August 2010, | |||
<https://www.rfc-editor.org/info/rfc5890>. | <https://www.rfc-editor.org/info/rfc5890>. | |||
[RFC5891] Klensin, J., "Internationalized Domain Names in | [RFC5891] Klensin, J., "Internationalized Domain Names in | |||
Applications (IDNA): Protocol", RFC 5891, | Applications (IDNA): Protocol", RFC 5891, | |||
DOI 10.17487/RFC5891, August 2010, <https://www.rfc- | DOI 10.17487/RFC5891, August 2010, | |||
editor.org/info/rfc5891>. | <https://www.rfc-editor.org/info/rfc5891>. | |||
[RFC6530] Klensin, J. and Y. Ko, "Overview and Framework for | [RFC6530] Klensin, J. and Y. Ko, "Overview and Framework for | |||
Internationalized Email", RFC 6530, DOI 10.17487/RFC6530, | Internationalized Email", RFC 6530, DOI 10.17487/RFC6530, | |||
February 2012, <https://www.rfc-editor.org/info/rfc6530>. | February 2012, <https://www.rfc-editor.org/info/rfc6530>. | |||
[RFC6531] Yao, J. and W. Mao, "SMTP Extension for Internationalized | [RFC6531] Yao, J. and W. Mao, "SMTP Extension for Internationalized | |||
Email", RFC 6531, DOI 10.17487/RFC6531, February 2012, | Email", RFC 6531, DOI 10.17487/RFC6531, February 2012, | |||
<https://www.rfc-editor.org/info/rfc6531>. | <https://www.rfc-editor.org/info/rfc6531>. | |||
[RFC6532] Yang, A., Steele, S., and N. Freed, "Internationalized | [RFC6532] Yang, A., Steele, S., and N. Freed, "Internationalized | |||
Email Headers", RFC 6532, DOI 10.17487/RFC6532, February | Email Headers", RFC 6532, DOI 10.17487/RFC6532, February | |||
2012, <https://www.rfc-editor.org/info/rfc6532>. | 2012, <https://www.rfc-editor.org/info/rfc6532>. | |||
9.2. Informative References | 9.2. Informative References | |||
[RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the | [RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the | |||
Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, | Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, | |||
DOI 10.17487/RFC5912, June 2010, <https://www.rfc- | DOI 10.17487/RFC5912, June 2010, | |||
editor.org/info/rfc5912>. | <https://www.rfc-editor.org/info/rfc5912>. | |||
Appendix A. ASN.1 Module | Appendix A. ASN.1 Module | |||
The following ASN.1 module normatively specifies the SmtpUTF8Mailbox | The following ASN.1 module normatively specifies the SmtpUTF8Mailbox | |||
structure. This specification uses the ASN.1 definitions from | structure. This specification uses the ASN.1 definitions from | |||
[RFC5912] with the 2002 ASN.1 notation used in that document. | [RFC5912] with the 2002 ASN.1 notation used in that document. | |||
[RFC5912] updates normative documents using older ASN.1 notation. | [RFC5912] updates normative documents using older ASN.1 notation. | |||
LAMPS-EaiAddresses-2016 | LAMPS-EaiAddresses-2016 | |||
{ iso(1) identified-organization(3) dod(6) | { iso(1) identified-organization(3) dod(6) | |||
skipping to change at page 11, line 30 ¶ | skipping to change at page 11, line 30 ¶ | |||
above text decoding is an output of Peter Gutmann's "dumpasn1" | above text decoding is an output of Peter Gutmann's "dumpasn1" | |||
program. | program. | |||
Appendix C. Acknowledgements | Appendix C. Acknowledgements | |||
Thank you to Magnus Nystrom for motivating this document. Thanks to | Thank you to Magnus Nystrom for motivating this document. Thanks to | |||
Russ Housley, Nicolas Lidzborski, Laetitia Baudoin, Ryan Sleevi, Sean | Russ Housley, Nicolas Lidzborski, Laetitia Baudoin, Ryan Sleevi, Sean | |||
Leonard, Sean Turner, John Levine, and Patrik Falstrom for their | Leonard, Sean Turner, John Levine, and Patrik Falstrom for their | |||
feedback. Also special thanks to John Klensin for his valuable input | feedback. Also special thanks to John Klensin for his valuable input | |||
on internationalization, Unicode and ABNF formatting, to Jim Schaad | on internationalization, Unicode and ABNF formatting, to Jim Schaad | |||
for his help with the ASN.1 example and his helpful feedback, and to | for his help with the ASN.1 example and his helpful feedback, and | |||
Viktor Dukhovni for his help with name constraints. | especially to Viktor Dukhovni for helping us with name constraints | |||
and his many detailed document reviews. | ||||
Authors' Addresses | Authors' Addresses | |||
Alexey Melnikov (editor) | Alexey Melnikov (editor) | |||
Isode Ltd | Isode Ltd | |||
14 Castle Mews | 14 Castle Mews | |||
Hampton, Middlesex TW12 2NP | Hampton, Middlesex TW12 2NP | |||
UK | UK | |||
Email: Alexey.Melnikov@isode.com | Email: Alexey.Melnikov@isode.com | |||
End of changes. 15 change blocks. | ||||
26 lines changed or deleted | 42 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |