draft-klensin-idnabis-protocol-04 section 4.5

Patrik Fältström patrik at frobbit.se
Fri Mar 28 09:51:35 CET 2008

On 27 mar 2008, at 16.42, Harald Alvestrand wrote:

>> Doesn't this approach lead to, for example, that the outcome of X.509
>> certificate chain validation will depend on the locale in which the
>> application is running in?
> If the specs for X.509 usage say that IDNs are permitted, and must  
> be mapped before use, yes.
> That's an excellent argument for specifying that X.509 certificates  
> should use only IDNs that are permitted in IDNA200x, and therefore  
> stable under mapping.

This is for me one of the main reasons IDNA200X must differ between  
"codepoints that are allowed in DNS" and "codepoints that might work  
due to mapping". IDNA2003 is unclear on this (no real difference) and  
that has created confusion.


More information about the Idna-update mailing list