--- 1/draft-ietf-lamps-rfc5280-i18n-update-02.txt 2017-09-04 13:13:09.178508483 -0700 +++ 2/draft-ietf-lamps-rfc5280-i18n-update-03.txt 2017-09-04 13:13:09.198508965 -0700 @@ -1,19 +1,19 @@ INTERNET-DRAFT Internet Engineering Task Force R. Housley Intended Status: Proposed Standard Vigil Security Updates: 5280 (once approved) -Expires: 23 December 2017 23 June 2017 +Expires: 4 March 2018 4 September 2017 Internationalization Updates to RFC 5280 - draft-ietf-lamps-rfc5280-i18n-update-02 + draft-ietf-lamps-rfc5280-i18n-update-03 Abstract These updates to RFC 5280 provide clarity on the handling of Internationalized Domain Names (IDNs) and Internationalized Email Addresses in X.509 Certificates. Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the 
@@ -72,43 +72,43 @@ Addresses in X.509 Certificates. An IDN in Unicode (native character) form contains at least one U-label [RFC5890]. With one exception, IDNs are carried in certificates in ACE-encoded form. That is, all U-labels within an IDN are converted to A-labels. Conversion of an U-label to an A-label is described in [RFC5891]. The GeneralName structure supports many different names forms, including otherName for extensibility. [ID.lamps-eai-addresses] - specifies the SmtpUTF8Name for Internationalized Email addresses, + specifies the SmtpUTF8Mailbox for Internationalized Email addresses, which include IDNs with U-labels. Note that Internationalized Domain Names in Applications specifications published in 2003 (IDNA2003) [RFC3490] and 2008 (IDNA2008) [RFC5890] both refer to the Punycode Algorithm for conversion [RFC3492]. 1.1. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 2. Updates This section provides updates to several paragraphs of RFC 5280 - [RFC5280]. For clarity, if the entire section is not replace, then + [RFC5280]. For clarity, if the entire section is not replaced, then the original text and the replacement text are shown. 2.1. Update in Section 1, Introduction - This update includes references for IDNA2008. + This update provides references for IDNA2008. OLD * Enhanced support for internationalized names is specified in Section 7, with rules for encoding and comparing Internationalized Domain Names, Internationalized Resource Identifiers (IRIs), and distinguished names. These rules are aligned with comparison rules established in current RFCs, including [RFC3490], [RFC3987], and [RFC4518]. 
@@ -119,21 +119,21 @@ Internationalized Domain Names, Internationalized Resource Identifiers (IRIs), and distinguished names. These rules are aligned with comparison rules established in current RFCs, including [RFC3987], [RFC4518], [RFC5890], and [RFC5891]. 2.2. Update in Section 4.2.1.10, Name Constraints This update removes the ability to include constraints for a particular mailbox. This capability was not used, and removing it allows name constraints to apply to email addresses in rfc822Name and - SmtpUTF8Name within otherName. + SmtpUTF8Mailbox [ID.lamps-eai-addresses] within otherName. OLD A name constraint for Internet mail addresses MAY specify a particular mailbox, all addresses at a particular host, or all mailboxes in a domain. To indicate a particular mailbox, the constraint is the complete mail address. For example, "root@example.com" indicates the root mailbox on the host "example.com". To indicate all Internet mail addresses on a particular host, the constraint is specified as the host name. For 
@@ -255,25 +255,25 @@ ASCII comparison. Implementations should convert the host-part of internationalized email addresses specified in these extensions to Unicode before display. Specifically, conforming implementations should convert A-labels to U-labels for display. 7.5.2. Local-part Contains Non-ASCII Characters When the local-part contains non-ASCII character, conforming - implementations MUST be placed in the SmtpUtf8Name within the - otherName choice of GeneralName as specified in Section 3 of - [ID.lamps-eai-addresses]. Note that the UTF8 encoding of the - internationalized email address MUST NOT contain a Byte-Order-Mark - (BOM) [RFC3629] to aid comparison. + implementations MUST place the internationalized email address in the + SmtpUTF8Mailbox within the otherName choice of GeneralName as + specified in Section 3 of [ID.lamps-eai-addresses]. Note that the + UTF8 encoding of the internationalized email address MUST NOT contain + a Byte-Order-Mark (BOM) [RFC3629] to aid comparison. The comparison of two internationalized email addresses is specified in Section 5 of [ID.lamps-eai-addresses]. Implementations should convert the local-part and the host-part of internationalized email addresses placed in these extensions to Unicode before display. 3. Security Considerations @@ -287,21 +287,21 @@ 4. IANA Considerations No IANA registries are changed by this update. 5. Normative References [ID.lamps-eai-addresses] Melnikov, A. (Ed.) and W. Chuang (Ed.), "Internationalized Email Addresses in X.509 certificates", - December 2016, , work-in-progress. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource Identifiers (IRIs)", RFC 3987, DOI 10.17487/RFC3987, January 2005, .
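Review bot: two grammatical slips in the unchanged context of the Introduction hunk (@@ -72,43) could be picked up in this revision while the section is being touched: "Conversion of an U-label to an A-label" should read "Conversion of a U-label to an A-label", and "supports many different names forms" should read "supports many different name forms". While in this hunk, consider updating the Section 1.1 Terminology paragraph to the current BCP 14 boilerplate that also cites RFC 8174, since the document mixes uppercase key words ("MUST place", "MUST NOT contain") with lowercase ones ("Implementations should convert ... to Unicode before display" in 7.5.2), and RFC 8174 makes explicit that only the uppercase forms carry normative weight. The SmtpUTF8Name to SmtpUTF8Mailbox rename in this hunk is consistent with the same rename in the later hunks.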
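Review bot: the Section 4.2.1.10 hunk (@@ -119,21) removes the particular-mailbox form of the Internet mail name constraint with the justification "This capability was not used", but the visible text says nothing about what a conforming relying party does when it encounters an existing certificate whose nameConstraints extension still carries a complete mail address such as the "root@example.com" form shown in the OLD text. Suggest adding one sentence on backward compatibility (for example, whether such a constraint is treated as matching nothing, as matching only that mailbox as before, or as an unrecognized constraint) so that implementers do not diverge; the NEW replacement paragraph is outside the shown context, so if it already covers this, disregard. Adding the [ID.lamps-eai-addresses] citation at the first use of SmtpUTF8Mailbox in this section is a good change.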
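Review bot: the rewritten first sentence of 7.5.2 (@@ -255,25) now has a proper object ("MUST place the internationalized email address in the SmtpUTF8Mailbox"), which fixes the earlier dangling "implementations MUST be placed in"; the lead-in on the unchanged context line above it still reads "contains non-ASCII character" and should be "contains non-ASCII characters" (or "a non-ASCII character"). Since the same change corrected the type name's capitalization (SmtpUtf8Name to SmtpUTF8Mailbox), consider also writing "UTF-8 encoding" rather than "UTF8 encoding" in the BOM sentence, matching the terminology of the cited [RFC3629]. The comparison rule for two internationalized addresses is delegated to "Section 5 of [ID.lamps-eai-addresses]" and the placement rule to "Section 3"; section-number citations into a work-in-progress draft are fragile and will need rechecking before publication.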
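Review bot: the references hunk (@@ -287,21) shows no changed line in the visible context, yet the [ID.lamps-eai-addresses] entry is still dated "December 2016" with no draft version indicated, while the body of this revision now depends on the SmtpUTF8Mailbox name that replaced SmtpUTF8Name in the earlier hunks and cites specific sections (3 and 5) of that draft. Suggest updating the entry to the draft revision that actually defines SmtpUTF8Mailbox (with its draft name and version string) so the name and section citations in Sections 2.2 and 7.5.2 resolve against the text readers will retrieve; the entry also needs the usual RFC Editor note that it is to be replaced by the RFC number at publication, since it is listed under Normative References.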