--- 1/draft-ietf-lamps-rfc5280-i18n-update-00.txt	2017-06-14 12:13:14.980944645 -0700
+++ 2/draft-ietf-lamps-rfc5280-i18n-update-01.txt	2017-06-14 12:13:15.004945216 -0700
@@ -1,19 +1,19 @@
 
 INTERNET-DRAFT
 Internet Engineering Task Force                               R. Housley
 Intended Status: Proposed Standard                        Vigil Security
 Updates: RFC 5280 (once approved)
-Expires: 9 November 2017                                      9 May 2017
+Expires: 14 December 2017                                   14 June 2017
 
                 Internationalization Updates to RFC 5280
-                draft-ietf-lamps-rfc5280-i18n-update-00
+                draft-ietf-lamps-rfc5280-i18n-update-01
 
 Abstract
 
    These updates to RFC 5280 provide clarity on the handling of
    Internationalized Domain Names (IDNs) and Internationalized Email
    Addresses in X.509 Certificates.
 
 Status of this Memo
 
    This Internet-Draft is submitted to IETF in full conformance with the
@@ -258,28 +258,26 @@
 
    The comparison of two internationalized email addresses is specified
    in Section 5 of [ID.lamps-eai-addresses].
 
    Implementations should convert the local-part and the host-part of
    internationalized email addresses placed in these extensions to
    Unicode before display.
 
 3.  Security Considerations
 
-   Conforming CAs SHOULD ensure that IDNs are represented as valid
-   A-labels.  This can be accomplished by taking a provided U-label,
-   validating the code points, converting it to an A-label, back to an
-   U-label, and then checking to see that the result is the same as the
-   original U-label.  Failure to use valid A-labels may yield a name
-   that cannot be correctly represented in the Domain Name System (DNS).
-   In addition, the CA/Browser Forum offers some guidance regarding
-   internal server names in certificates [CABF].
+   Conforming CAs SHOULD ensure that IDNs are valid.  This can be done
+   by validating all code points according to IDNA2008 [RFC5892].
+   Failure to use valid A-labels and valid U-labels may yield a domain
+   name that cannot be correctly represented in the Domain Name System
+   (DNS).  In addition, the CA/Browser Forum offers some guidance
+   regarding internal server names in certificates [CABF].
 
 4.  IANA Considerations
 
    No IANA registries are changed by this update.
 
 5.  Normative References
 
    [ID.lamps-eai-addresses]
               Melnikov, A.  (Ed.) and W.  Chuang (Ed.),
               "Internationalized Email Addresses in X.509 certificates",