IDNA200x and PKIX chain validation
Paul Hoffman
phoffman at imc.org
Thu Mar 27 18:03:34 CET 2008
At 12:49 PM -0400 3/27/08, John C Klensin wrote:
>--On Thursday, 27 March, 2008 09:40 -0700 Paul Hoffman
><phoffman at imc.org> wrote:
>
>> At 4:26 PM +0100 3/27/08, Simon Josefsson wrote:
>>> Doesn't this approach lead to, for example, that the outcome
>>> of X.509 certificate chain validation will depend on the
>>> locale in which the application is running in?
>>
>> Not at all. The domain names used in chain validation are
>> expressed as punycode/A-labels.
>
>And, as I understand it, are generally also in length-string
>label format, rather than dot-separated domain names.
Nope, you are wrong about that: the are full FQDNs. Fortunately,
that's irrelevant for Simon's concern.
More information about the Idna-update
mailing list