Peter Bowen via dev-security-policy <dev-security-policy@lists.mozilla.org> writes:
>In reviewing a recent CA application, the question came up of what is allowed >in a certificate in data encoded as "TeletexString" (which is also sometimes >called T61String). For the full story of T.61 strings, see the X.509 style guide, https://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt, it's a flat text file but grep for "T.61/TeletexString" for the text that covers it. Some further notes, at the time a lot of implementations just treated it as 8859-1 (which the guide mentions with the comment on assuming T.61 = latin-1), which worked OK for most cases where it was used, e.g. umlauts and other accented characters for European languages. Also at one point a bunch of people tried to identify any implementation that would display even something as basic as umlauts via floating diacritics and were unable to find anything that did it. So for certlint I'd always warn for T61String with anything other than ASCII (which century are they living in? Point them at UTF8 and tell them to come back when they've implemented it), treat it as a probably 8859-1 string when checking for validity, and report an error if they try anything like character set switching and fancy escape sequences, which are pretty much guaranteed not to work (i.e. display) properly. Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy