IDNA200x and PKIX chain validation
John C Klensin
klensin at jck.com
Thu Mar 27 17:49:22 CET 2008
--On Thursday, 27 March, 2008 09:40 -0700 Paul Hoffman
<phoffman at imc.org> wrote:
> At 4:26 PM +0100 3/27/08, Simon Josefsson wrote:
>> Doesn't this approach lead to, for example, that the outcome
>> of X.509 certificate chain validation will depend on the
>> locale in which the application is running?
>
> Not at all. The domain names used in chain validation are
> expressed as punycode/A-labels.

And, as I understand it, are generally also in length-string
label format, rather than dot-separated domain names. So they
are isolated from almost anything that goes on in the
"characters the user is expected to see and interact with" side
of things.
john
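
An added illustration, not part of the original message or of any PKIX implementation: a sketch of comparing domain names in A-label form using only ASCII byte operations, so the result cannot vary with the locale the application runs in. The function names and sample names are constructed for this example; the subtree rule follows the dNSName name-constraint wording in RFC 5280 (a name matches if it is the constraint with zero or more labels added on the left).

```python
import string

# ASCII-only case folding: a fixed byte table, independent of process locale.
_ASCII_FOLD = bytes.maketrans(string.ascii_uppercase.encode(),
                              string.ascii_lowercase.encode())


def to_labels(name: str) -> list:
    """Split an A-label domain name into case-folded ASCII labels.

    Raises ValueError (UnicodeEncodeError) for non-ASCII input: U-labels
    must be converted to A-labels before they reach validation code.
    """
    raw = name.encode("ascii")
    if raw.endswith(b"."):          # tolerate one trailing root dot
        raw = raw[:-1]
    labels = raw.split(b".")
    for label in labels:
        if not 1 <= len(label) <= 63:
            raise ValueError("label length out of range: %r" % label)
    return [label.translate(_ASCII_FOLD) for label in labels]


def to_length_prefixed(name: str) -> bytes:
    """Encode the name as length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l for l in to_labels(name)) + b"\x00"


def within_subtree(dns_name: str, constraint: str) -> bool:
    """True if dns_name equals constraint or adds labels on its left."""
    name, base = to_labels(dns_name), to_labels(constraint)
    # Compare whole labels, not string suffixes, so that
    # "notxn--bcher-kva.example" does not match "xn--bcher-kva.example".
    return len(name) >= len(base) and name[-len(base):] == base


if __name__ == "__main__":
    # Constructed sample names.
    print(to_length_prefixed("XN--Bcher-KVA.Example"))
    print(within_subtree("www.xn--bcher-kva.example", "xn--bcher-kva.example"))
    print(within_subtree("notxn--bcher-kva.example", "xn--bcher-kva.example"))
```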