ietf-smime
[Top] [All Lists]

Re: UTF8 vs. Punycode

2007-08-13 14:13:35

Tim:

I think that the string comparison routines are the key point. The recipient must recognize their own email address in the recipient info structure. This is an exact match comparison (as opposed to the more complicated ones for sorting). If the recipient does not locate the correct entry in the recipient info structure, then decryption is not possible.

Russ

At 04:30 PM 8/13/2007, Timothy J. Miller wrote:

On Aug 13, 2007, at 2:35 PM, Russ Housley wrote:


This issue was raised by my review of
http://www.ietf.org/internet-drafts/draft-ietf-smime-bfibecms-03.txt

However, I think that the issue goes beyond this document.  The
decision made here ought to set a precedent.

What's the risk of *not* forcing to ASCII via punycode?  Leave aside
flaws in unicode handling routines for the moment.  In the IBE
context, a sender would derive an "incorrect" public key (more
correctly, a different public key) and the recipient would be unable
to decrypt the message.

-- Tim

<Prev in Thread] Current Thread [Next in Thread>