
Re: Last Call: <draft-ietf-lamps-eai-addresses-05.txt> (Internationalized Email Addresses in X.509 certificates) to Proposed Standard

2017-02-08 04:18:44


--On Wednesday, February 8, 2017 05:13 +0000 Viktor Dukhovni
<ietf-dane(_at_)dukhovni(_dot_)org> wrote:

...
> I am asking the author to remove that dependency, leaving
> construction of the normal form of the reference identifier to
> the application rather than the X.509 stack.  If he is
> unsuccessful, and there is a fundamental requirement for X.509
> certificate validation code to become IDNA aware, that'd be a
> major barrier to widespread support for this specification.

As you and others have pointed out, SMTPUTF8 is deploying rather
slowly.  That should not be a surprise to anyone who
participated in the WG discussions and understands the issues --
there are complex sequencing and support tradeoffs involved,
along with a number of problems some would describe as
involving "chicken and egg" relationships and others would claim
would benefit from a flag day.

So, as I understand it, you want to shift the issues to the
application in order to get more rapid deployment.  I prefer to
keep the decisions, including a single canonical form, bound to
the X.509 certificate because I think, especially given the
security implications of either false positives or false
negatives, that getting implementations right (and consistent)
is more important than getting quick deployment.   A preference
for "right" over "quick" is particularly important where IDNs
are concerned given the number of inconsistent implementations
of things claiming to be IDNA in the wild.

best,
   john


