draft-klensin-idnabis-protocol-04 section 4.5

[Harald Alvestrand]

Simon Josefsson wrote:
>   
>> Another level of mapping is described in the early steps of
>> registration and lookup in the IDNA200X protocol draft. This is the UI
>> level, where apps are, for example, free to map the dotted and dotless
>> letters 'i' the Turkish way if the user has asked the app to assume
>> Turkish conventions. This area is somewhat controversial, since a
>> proliferation of language-specific mappings may create some confusion.
>> Nevertheless, some app developers may consider this essential for a
>> good user experience.
>>
>> So the bottom line is that the current four IDNA200X drafts only
>> specify what is allowed at the lowest level(s). The higher levels,
>> such as HTML, UI and so on, are to be specified in separate specs.
>>     
>
> Doesn't this approach lead to, for example, that the outcome of X.509
> certificate chain validation will depend on the locale in which the
> application is running in?
>
If the specs for X.509 usage say that IDNs are permitted, and must be 
mapped before use, yes.

That's an excellent argument for specifying that X.509 certificates 
should use only IDNs that are permitted in IDNA200x, and therefore 
stable under mapping.

                  Harald