draft-klensin-idnabis-protocol-04 section 4.5
Patrik Fältström
patrik at frobbit.se
Fri Mar 28 09:51:35 CET 2008
On 27 mar 2008, at 16.42, Harald Alvestrand wrote:
>> Doesn't this approach lead to, for example, that the outcome of X.509
>> certificate chain validation will depend on the locale in which the
>> application is running in?
>>
> If the specs for X.509 usage say that IDNs are permitted, and must
> be mapped before use, yes.
>
> That's an excellent argument for specifying that X.509 certificates
> should use only IDNs that are permitted in IDNA200x, and therefore
> stable under mapping.
This is for me one of the main reasons IDNA200X must differ between
"codepoints that are allowed in DNS" and "codepoints that might work
due to mapping". IDNA2003 is unclear on this (no real difference) and
that has created confusion.
Patrik
More information about the Idna-update
mailing list