--- 1/draft-ietf-lamps-eai-addresses-17.txt 2018-03-04 13:13:10.117652632 -0800 +++ 2/draft-ietf-lamps-eai-addresses-18.txt 2018-03-04 13:13:10.145653298 -0800 @@ -1,19 +1,19 @@ LAMPS A. Melnikov, Ed. Internet-Draft Isode Ltd Updates: 5280 (if approved) W. Chuang, Ed. Intended status: Standards Track Google, Inc. -Expires: August 15, 2018 February 11, 2018 +Expires: September 5, 2018 March 4, 2018 Internationalized Email Addresses in X.509 certificates - draft-ietf-lamps-eai-addresses-17 + draft-ietf-lamps-eai-addresses-18 Abstract This document defines a new name form for inclusion in the otherName field of an X.509 Subject Alternative Name and Issuer Alternative Name extension that allows a certificate subject to be associated with an Internationalized Email Address. This document updates RFC 5280. @@ -25,21 +25,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on August 15, 2018. + This Internet-Draft will expire on September 5, 2018. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -323,21 +323,22 @@ 7. Security Considerations Use of SmtpUTF8Mailbox for certificate subjectAltName (and issuerAltName) will incur many of the same security considerations as in Section 8 in [RFC5280], but introduces a new issue by permitting non-ASCII characters in the email address local-part. This issue, as mentioned in Section 4.4 of [RFC5890] and in Section 4 of [RFC6532], is that use of Unicode introduces the risk of visually similar and identical characters which can be exploited to deceive the recipient. The former document references some means to mitigate against these - attacks. + attacks. See [WEBER] for more background on security issues with + Unicode. 8. IANA Considerations In Section 3 and the ASN.1 module identifier defined in Appendix A. IANA is kindly requested to make the following assignments for: The LAMPS-EaiAddresses-2016 ASN.1 module in the "SMI Security for PKIX Module Identifier" registry (1.3.6.1.5.5.7.0). The SmtpUTF8Mailbox otherName in the "PKIX Other Name Forms" @@ -400,20 +401,24 @@ Email Headers", RFC 6532, DOI 10.17487/RFC6532, February 2012, . 9.2. Informative References [RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, DOI 10.17487/RFC5912, June 2010, . + [WEBER] Weber, C., "Attacking Software Globalization", March 2010, + . + Appendix A. ASN.1 Module The following ASN.1 module normatively specifies the SmtpUTF8Mailbox structure. This specification uses the ASN.1 definitions from [RFC5912] with the 2002 ASN.1 notation used in that document. [RFC5912] updates normative documents using older ASN.1 notation. LAMPS-EaiAddresses-2016 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
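Review bot: In the Section 7 hunk (@@ -323,21 +323,22 @@), the added sentence "See [WEBER] for more background on security issues with Unicode." lands directly after "The former document references some means to mitigate against these attacks.", so the paragraph now cites three documents and "the former document" is harder to resolve. Suggest naming it outright, for example "Section 4.4 of [RFC5890] references some means to mitigate against these attacks.", and keeping the [WEBER] pointer as a separate sentence. Since [WEBER] is listed under 9.2 Informative References and is introduced only as background, the RFC 5890 pointer stays the paragraph's sole mitigation guidance, which is one more reason to make that citation unambiguous.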
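Review bot: In the references hunk (@@ -400,20 +401,24 @@), the new [WEBER] entry as shown here ends at "March 2010," followed by a bare ".", with no venue, publisher or locator visible. The RFC entries in the same list can still be found from their RFC number and DOI, but a title and a date alone do not let a reader locate "Attacking Software Globalization". Suggest confirming that the entry carries a stable URL and adding the venue or publisher, since Section 7 now sends readers to it for background on Unicode security issues.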