draft-ietf-lamps-rfc5280-i18n-update-02.txt   draft-ietf-lamps-rfc5280-i18n-update-03.txt 
INTERNET-DRAFT INTERNET-DRAFT
Internet Engineering Task Force R. Housley Internet Engineering Task Force R. Housley
Intended Status: Proposed Standard Vigil Security Intended Status: Proposed Standard Vigil Security
Updates: 5280 (once approved) Updates: 5280 (once approved)
Expires: 23 December 2017 23 June 2017 Expires: 4 March 2018 4 September 2017
Internationalization Updates to RFC 5280 Internationalization Updates to RFC 5280
draft-ietf-lamps-rfc5280-i18n-update-02 draft-ietf-lamps-rfc5280-i18n-update-03
Abstract Abstract
These updates to RFC 5280 provide clarity on the handling of These updates to RFC 5280 provide clarity on the handling of
Internationalized Domain Names (IDNs) and Internationalized Email Internationalized Domain Names (IDNs) and Internationalized Email
Addresses in X.509 Certificates. Addresses in X.509 Certificates.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
skipping to change at page 2, line 44 skipping to change at page 2, line 44
Addresses in X.509 Certificates. Addresses in X.509 Certificates.
An IDN in Unicode (native character) form contains at least one An IDN in Unicode (native character) form contains at least one
U-label [RFC5890]. With one exception, IDNs are carried in U-label [RFC5890]. With one exception, IDNs are carried in
certificates in ACE-encoded form. That is, all U-labels within an certificates in ACE-encoded form. That is, all U-labels within an
IDN are converted to A-labels. Conversion of an U-label to an IDN are converted to A-labels. Conversion of an U-label to an
A-label is described in [RFC5891]. A-label is described in [RFC5891].
The GeneralName structure supports many different names forms, The GeneralName structure supports many different names forms,
including otherName for extensibility. [ID.lamps-eai-addresses] including otherName for extensibility. [ID.lamps-eai-addresses]
specifies the SmtpUTF8Name for Internationalized Email addresses, specifies the SmtpUTF8Mailbox for Internationalized Email addresses,
which include IDNs with U-labels. which include IDNs with U-labels.
Note that Internationalized Domain Names in Applications Note that Internationalized Domain Names in Applications
specifications published in 2003 (IDNA2003) [RFC3490] and 2008 specifications published in 2003 (IDNA2003) [RFC3490] and 2008
(IDNA2008) [RFC5890] both refer to the Punycode Algorithm for (IDNA2008) [RFC5890] both refer to the Punycode Algorithm for
conversion [RFC3492]. conversion [RFC3492].
1.1. Terminology 1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
2. Updates 2. Updates
This section provides updates to several paragraphs of RFC 5280 This section provides updates to several paragraphs of RFC 5280
[RFC5280]. For clarity, if the entire section is not replace, then [RFC5280]. For clarity, if the entire section is not replaced, then
the original text and the replacement text are shown. the original text and the replacement text are shown.
2.1. Update in Section 1, Introduction 2.1. Update in Section 1, Introduction
This update includes references for IDNA2008. This update provides references for IDNA2008.
OLD OLD
* Enhanced support for internationalized names is specified in * Enhanced support for internationalized names is specified in
Section 7, with rules for encoding and comparing Section 7, with rules for encoding and comparing
Internationalized Domain Names, Internationalized Resource Internationalized Domain Names, Internationalized Resource
Identifiers (IRIs), and distinguished names. These rules are Identifiers (IRIs), and distinguished names. These rules are
aligned with comparison rules established in current RFCs, aligned with comparison rules established in current RFCs,
including [RFC3490], [RFC3987], and [RFC4518]. including [RFC3490], [RFC3987], and [RFC4518].
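Review bot: In the paragraph beginning "The GeneralName structure", the phrase "many different names forms" is still ungrammatical in -03 and should read "many different name forms"; likewise "Conversion of an U-label" in the preceding paragraph should be "a U-label". This revision already fixes "replace" to "replaced" in Section 2, so both can be corrected in the same pass.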
skipping to change at page 3, line 44 skipping to change at page 3, line 44
Internationalized Domain Names, Internationalized Resource Internationalized Domain Names, Internationalized Resource
Identifiers (IRIs), and distinguished names. These rules are Identifiers (IRIs), and distinguished names. These rules are
aligned with comparison rules established in current RFCs, aligned with comparison rules established in current RFCs,
including [RFC3987], [RFC4518], [RFC5890], and [RFC5891]. including [RFC3987], [RFC4518], [RFC5890], and [RFC5891].
2.2. Update in Section 4.2.1.10, Name Constraints 2.2. Update in Section 4.2.1.10, Name Constraints
This update removes the ability to include constraints for a This update removes the ability to include constraints for a
particular mailbox. This capability was not used, and removing it particular mailbox. This capability was not used, and removing it
allows name constraints to apply to email addresses in rfc822Name and allows name constraints to apply to email addresses in rfc822Name and
SmtpUTF8Name within otherName. SmtpUTF8Mailbox [ID.lamps-eai-addresses] within otherName.
OLD OLD
A name constraint for Internet mail addresses MAY specify a A name constraint for Internet mail addresses MAY specify a
particular mailbox, all addresses at a particular host, or all particular mailbox, all addresses at a particular host, or all
mailboxes in a domain. To indicate a particular mailbox, the mailboxes in a domain. To indicate a particular mailbox, the
constraint is the complete mail address. For example, constraint is the complete mail address. For example,
"root@example.com" indicates the root mailbox on the host "root@example.com" indicates the root mailbox on the host
"example.com". To indicate all Internet mail addresses on a "example.com". To indicate all Internet mail addresses on a
particular host, the constraint is specified as the host name. For particular host, the constraint is specified as the host name. For
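Review bot: The summary sentence for 2.2 says that removing per-mailbox constraints "allows name constraints to apply to email addresses in rfc822Name and SmtpUTF8Mailbox", but the visible text gives no reason why a full-address constraint stood in the way. One clause of rationale would help implementers. It would also help to say how a relying party should treat an already-issued constraint of the "root@example.com" form quoted in the OLD text, if the NEW text does not already cover it.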
skipping to change at page 6, line 35 skipping to change at page 6, line 35
ASCII comparison. ASCII comparison.
Implementations should convert the host-part of internationalized Implementations should convert the host-part of internationalized
email addresses specified in these extensions to Unicode before email addresses specified in these extensions to Unicode before
display. Specifically, conforming implementations should convert display. Specifically, conforming implementations should convert
A-labels to U-labels for display. A-labels to U-labels for display.
7.5.2. Local-part Contains Non-ASCII Characters 7.5.2. Local-part Contains Non-ASCII Characters
When the local-part contains non-ASCII character, conforming When the local-part contains non-ASCII character, conforming
implementations MUST be placed in the SmtpUtf8Name within the implementations MUST place the internationalized email address in the
otherName choice of GeneralName as specified in Section 3 of SmtpUTF8Mailbox within the otherName choice of GeneralName as
[ID.lamps-eai-addresses]. Note that the UTF8 encoding of the specified in Section 3 of [ID.lamps-eai-addresses]. Note that the
internationalized email address MUST NOT contain a Byte-Order-Mark UTF8 encoding of the internationalized email address MUST NOT contain
(BOM) [RFC3629] to aid comparison. a Byte-Order-Mark (BOM) [RFC3629] to aid comparison.
The comparison of two internationalized email addresses is specified The comparison of two internationalized email addresses is specified
in Section 5 of [ID.lamps-eai-addresses]. in Section 5 of [ID.lamps-eai-addresses].
Implementations should convert the local-part and the host-part of Implementations should convert the local-part and the host-part of
internationalized email addresses placed in these extensions to internationalized email addresses placed in these extensions to
Unicode before display. Unicode before display.
3. Security Considerations 3. Security Considerations
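Review bot: The first sentence of 7.5.2 still reads "contains non-ASCII character" in -03; it should be "non-ASCII characters", matching the section title. The rewritten "MUST place the internationalized email address" fixes the subject of the requirement, but "UTF8 encoding" should be "UTF-8 encoding" as in RFC 3629. The display guidance in the 7.5.1 and 7.5.2 paragraphs also uses lowercase "should", which is ambiguous in a document that invokes the RFC 2119 keywords; state whether it is meant normatively.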
skipping to change at page 7, line 19 skipping to change at page 7, line 19
4. IANA Considerations 4. IANA Considerations
No IANA registries are changed by this update. No IANA registries are changed by this update.
5. Normative References 5. Normative References
[ID.lamps-eai-addresses] [ID.lamps-eai-addresses]
Melnikov, A. (Ed.) and W. Chuang (Ed.), Melnikov, A. (Ed.) and W. Chuang (Ed.),
"Internationalized Email Addresses in X.509 certificates", "Internationalized Email Addresses in X.509 certificates",
December 2016, <http://www.ietf.org/id/draft-ietf-lamps- September 2017, <http://www.ietf.org/id/draft-ietf-lamps-
eai-addresses>, work-in-progress. eai-addresses>, work-in-progress.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, DOI Requirement Levels", BCP 14, RFC 2119, DOI
10.17487/RFC2119, March 1997, <http://www.rfc- 10.17487/RFC2119, March 1997, <http://www.rfc-
editor.org/info/rfc2119>. editor.org/info/rfc2119>.
[RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource [RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource
Identifiers (IRIs)", RFC 3987, DOI 10.17487/RFC3987, Identifiers (IRIs)", RFC 3987, DOI 10.17487/RFC3987,
January 2005, <http://www.rfc-editor.org/info/rfc3987>. January 2005, <http://www.rfc-editor.org/info/rfc3987>.
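Review bot: The [ID.lamps-eai-addresses] entry changes only its date to September 2017, while the URL still ends at "draft-ietf-lamps-eai-addresses" with no version suffix. Because 7.5.2 cites Section 3 and Section 5 of that draft by number, the reference should name the specific draft version so those section numbers stay resolvable.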
 End of changes. 8 change blocks. 
12 lines changed or deleted 12 lines changed or added
