draft-ietf-lamps-rfc5280-i18n-update-01.txt   draft-ietf-lamps-rfc5280-i18n-update-02.txt 
INTERNET-DRAFT INTERNET-DRAFT
Internet Engineering Task Force R. Housley Internet Engineering Task Force R. Housley
Intended Status: Proposed Standard Vigil Security Intended Status: Proposed Standard Vigil Security
Updates: RFC 5280 (once approved) Updates: 5280 (once approved)
Expires: 14 December 2017 14 June 2017 Expires: 23 December 2017 23 June 2017
Internationalization Updates to RFC 5280 Internationalization Updates to RFC 5280
draft-ietf-lamps-rfc5280-i18n-update-01 draft-ietf-lamps-rfc5280-i18n-update-02
Abstract Abstract
These updates to RFC 5280 provide clarity on the handling of These updates to RFC 5280 provide clarity on the handling of
Internationalized Domain Names (IDNs) and Internationalized Email Internationalized Domain Names (IDNs) and Internationalized Email
Addresses in X.509 Certificates. Addresses in X.509 Certificates.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
skipping to change at page 2, line 15 skipping to change at page 2, line 15
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
1. Introduction 1. Introduction
This document updates RFC 5280 [RFC5280]. The Introduction in This document updates RFC 5280 [RFC5280]. The Introduction in
Section 1, the Name Constraints certificate extension discussion in Section 1, the Name Constraints certificate extension discussion in
Section 4.2.1.10, and the Processing Rules for Internationalized Section 4.2.1.10, and the Processing Rules for Internationalized
Names in Section 7 are updated to provide clarity on the handling of Names in Section 7 are updated to provide clarity on the handling of
Internationalized Domain Names (IDNs) and Internationalized Email Internationalized Domain Names (IDNs) and Internationalized Email
Addresses in X.509 Certificates. Addresses in X.509 Certificates.
An IDN in Unicode (native character) form contains at least one An IDN in Unicode (native character) form contains at least one
skipping to change at page 2, line 37 skipping to change at page 2, line 49
IDN are converted to A-labels. Conversion of an U-label to an IDN are converted to A-labels. Conversion of an U-label to an
A-label is described in [RFC5891]. A-label is described in [RFC5891].
The GeneralName structure supports many different names forms, The GeneralName structure supports many different names forms,
including otherName for extensibility. [ID.lamps-eai-addresses] including otherName for extensibility. [ID.lamps-eai-addresses]
specifies the SmtpUTF8Name for Internationalized Email addresses, specifies the SmtpUTF8Name for Internationalized Email addresses,
which include IDNs with U-labels. which include IDNs with U-labels.
Note that Internationalized Domain Names in Applications Note that Internationalized Domain Names in Applications
specifications published in 2003 (IDNA2003) [RFC3490] and 2008 specifications published in 2003 (IDNA2003) [RFC3490] and 2008
(IDNA2008) [RFC5980] both refer to the Punycode Algorithm for (IDNA2008) [RFC5890] both refer to the Punycode Algorithm for
conversion [RFC3492]. conversion [RFC3492].
1.1. Terminology 1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
2. Updates 2. Updates
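Review bot: Two wording slips sit in the unchanged Section 1 text just above the corrected IDNA2008 citation and could be fixed in the same revision: "Conversion of an U-label" should read "Conversion of a U-label", and "many different names forms" should read "many different name forms". The citation fix itself ([RFC5980] to [RFC5890]) now matches the [RFC5890] entry in the reference list. Since the note mentions both IDNA2003 and IDNA2008, consider adding a sentence that says outright that U-label to A-label conversion for certificates follows [RFC5891], so the mention of [RFC3490] is not read as an equally acceptable alternative when names are compared.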
skipping to change at page 7, line 22 skipping to change at page 7, line 27
Melnikov, A. (Ed.) and W. Chuang (Ed.), Melnikov, A. (Ed.) and W. Chuang (Ed.),
"Internationalized Email Addresses in X.509 certificates", "Internationalized Email Addresses in X.509 certificates",
December 2016, <http://www.ietf.org/id/draft-ietf-lamps- December 2016, <http://www.ietf.org/id/draft-ietf-lamps-
eai-addresses>, work-in-progress. eai-addresses>, work-in-progress.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, DOI Requirement Levels", BCP 14, RFC 2119, DOI
10.17487/RFC2119, March 1997, <http://www.rfc- 10.17487/RFC2119, March 1997, <http://www.rfc-
editor.org/info/rfc2119>. editor.org/info/rfc2119>.
[RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource [RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource
Identifiers (IRIs)", RFC 3987, DOI 10.17487/RFC3987, Identifiers (IRIs)", RFC 3987, DOI 10.17487/RFC3987,
January 2005, <http://www.rfc-editor.org/info/rfc3987>. January 2005, <http://www.rfc-editor.org/info/rfc3987>.
[RFC4518] Zeilenga, K., "Lightweight Directory Access Protocol [RFC4518] Zeilenga, K., "Lightweight Directory Access Protocol
(LDAP): Internationalized String Preparation", RFC 4518, (LDAP): Internationalized String Preparation", RFC 4518,
DOI 10.17487/RFC4518, June 2006, <http://www.rfc- DOI 10.17487/RFC4518, June 2006, <http://www.rfc-
editor.org/info/rfc4518>. editor.org/info/rfc4518>.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
<http://www.rfc-editor.org/info/rfc5280>. <http://www.rfc-editor.org/info/rfc5280>.
[RFC5890] Klensin, J., "Internationalized Domain Names for [RFC5890] Klensin, J., "Internationalized Domain Names for
Applications (IDNA): Definitions and Document Framework", Applications (IDNA): Definitions and Document Framework",
RFC 5890, DOI 10.17487/RFC5890, August 2010, RFC 5890, DOI 10.17487/RFC5890, August 2010,
<http://www.rfc-editor.org/info/rfc5890>. <http://www.rfc-editor.org/info/rfc5890>.
[RFC5891] Klensin, J., "Internationalized Domain Names in [RFC5891] Klensin, J., "Internationalized Domain Names in
skipping to change at page 8, line 11 skipping to change at page 8, line 16
Internationalized Domain Names for Applications (IDNA)", Internationalized Domain Names for Applications (IDNA)",
RFC 5892, DOI 10.17487/RFC5892, August 2010, RFC 5892, DOI 10.17487/RFC5892, August 2010,
<http://www.rfc-editor.org/info/rfc5892>. <http://www.rfc-editor.org/info/rfc5892>.
6. Informative References 6. Informative References
[CABF] CA/Browser Forum, "Internal Server Names and IP Address [CABF] CA/Browser Forum, "Internal Server Names and IP Address
Requirements for SSL", Version 1.0, June 2012, Requirements for SSL", Version 1.0, June 2012,
<https://cabforum.org/internal-names/> <https://cabforum.org/internal-names/>
[RFC3490] Faltstrom, P., Hoffman, P., and A. Costello, [RFC3490] Faltstrom, P., Hoffman, P., and A. Costello,
"Internationalizing Domain Names in Applications (IDNA)", "Internationalizing Domain Names in Applications (IDNA)",
RFC 3490, DOI 10.17487/RFC3490, March 2003, RFC 3490, DOI 10.17487/RFC3490, March 2003,
<http://www.rfc-editor.org/info/rfc3490>. <http://www.rfc-editor.org/info/rfc3490>.
[RFC3639] St. Johns, M., Ed., Huston, G., Ed., and IAB, [RFC3492] Costello, A., "Punycode: A Bootstring encoding of Unicode
"Considerations on the use of a Service Identifier in for Internationalized Domain Names in Applications
Packet Headers", RFC 3639, DOI 10.17487/RFC3639, October (IDNA)", RFC 3492, DOI 10.17487/RFC3492, March 2003,
2003, <http://www.rfc-editor.org/info/rfc3639>. <http://www.rfc-editor.org/info/rfc3492>.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November
2003, <http://www.rfc-editor.org/info/rfc3629>.
Acknowledgements Acknowledgements
Thanks to Alexey Melnikov for the encouragement to write this update. Thanks to Alexey Melnikov for the encouragement to write this update.
Thanks to John Klensin and Patrik Falstrom for confirming many of the Thanks to John Klensin and Patrik Falstrom for confirming many of the
details in this update. Thanks to Wei Chuang, Alexey Melnikov, Tim details in this update. Thanks to Wei Chuang, Phillip Hallam-Baker,
Ruehsen, and Sean Turner for their careful review and comments. Alexey Melnikov, Tim Ruehsen, and Sean Turner for their careful
review and comments.
Authors' Address Authors' Address
Russ Housley Russ Housley
Vigil Security, LLC Vigil Security, LLC
918 Spring Knoll Drive 918 Spring Knoll Drive
Herndon, VA 20170 Herndon, VA 20170
USA USA
EMail: housley@vigilsec.com EMail: housley@vigilsec.com
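Review bot: The informative references now add [RFC3629] alongside [RFC3492], but only [RFC3492] has a citation in the text visible in this diff (the Punycode sentence in Section 1). Please confirm that [RFC3629] is cited somewhere in the body, or drop it, and check that no remaining text still cites the removed [RFC3639]. In the Acknowledgements, "Patrik Falstrom" does not match the spelling "Faltstrom, P." used in the [RFC3490] entry, so one of the two should be aligned. With a single author listed, the heading "Authors' Address" should read "Author's Address".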
 End of changes. 9 change blocks. 
13 lines changed or deleted 30 lines changed or added
