draft-ietf-lamps-rfc5280-i18n-update-00.txt   draft-ietf-lamps-rfc5280-i18n-update-01.txt 
INTERNET-DRAFT INTERNET-DRAFT
Internet Engineering Task Force R. Housley Internet Engineering Task Force R. Housley
Intended Status: Proposed Standard Vigil Security Intended Status: Proposed Standard Vigil Security
Updates: RFC 5280 (once approved) Updates: RFC 5280 (once approved)
Expires: 9 November 2017 9 May 2017 Expires: 14 December 2017 14 June 2017
Internationalization Updates to RFC 5280 Internationalization Updates to RFC 5280
draft-ietf-lamps-rfc5280-i18n-update-00 draft-ietf-lamps-rfc5280-i18n-update-01
Abstract Abstract
These updates to RFC 5280 provide clarity on the handling of These updates to RFC 5280 provide clarity on the handling of
Internationalized Domain Names (IDNs) and Internationalized Email Internationalized Domain Names (IDNs) and Internationalized Email
Addresses in X.509 Certificates. Addresses in X.509 Certificates.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
skipping to change at page 6, line 41 skipping to change at page 6, line 41
The comparison of two internationalized email addresses is specified The comparison of two internationalized email addresses is specified
in Section 5 of [ID.lamps-eai-addresses]. in Section 5 of [ID.lamps-eai-addresses].
Implementations should convert the local-part and the host-part of Implementations should convert the local-part and the host-part of
internationalized email addresses placed in these extensions to internationalized email addresses placed in these extensions to
Unicode before display. Unicode before display.
3. Security Considerations 3. Security Considerations
Conforming CAs SHOULD ensure that IDNs are represented as valid Conforming CAs SHOULD ensure that IDNs are valid. This can be done
A-labels. This can be accomplished by taking a provided U-label, by validating all code points according to IDNA2008 [RFC5892].
validating the code points, converting it to an A-label, back to an Failure to use valid A-labels and valid U-labels may yield a domain
U-label, and then checking to see that the result is the same as the name that cannot be correctly represented in the Domain Name System
original U-label. Failure to use valid A-labels may yield a name (DNS). In addition, the CA/Browser Forum offers some guidance
that cannot be correctly represented in the Domain Name System (DNS). regarding internal server names in certificates [CABF].
In addition, the CA/Browser Forum offers some guidance regarding
internal server names in certificates [CABF].
4. IANA Considerations 4. IANA Considerations
No IANA registries are changed by this update. No IANA registries are changed by this update.
5. Normative References 5. Normative References
[ID.lamps-eai-addresses] [ID.lamps-eai-addresses]
Melnikov, A. (Ed.) and W. Chuang (Ed.), Melnikov, A. (Ed.) and W. Chuang (Ed.),
"Internationalized Email Addresses in X.509 certificates", "Internationalized Email Addresses in X.509 certificates",
 End of changes. 3 change blocks. 
10 lines changed or deleted 8 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/