Hi,
I originally sent the attached message to the pkix list. It seems that
PKIX (X.509) certificates are currently stuck with IDNA2003, making the
HTTPS situation quite confusing, since most browsers and registrars use
IDNA2008 for DNS. Is there any suggestion on how this situation can be
addressed?
regards,
Nikos
--- Begin Message ---
Hi,
RFC5280 and its update (6818) reference IDNA2003 (rfc3490) for
storing internationalized DNS names. However, IDNA2003 is already an
obsolete standard (it seems it was already deprecated when RFC6818 was
published [0]) and in practice phased out. What is the current best
practice on internationalized names with certificates?
Is it to transparently switch to IDNA2008 (rfc5890), and let software
figure out the reverse mappings to UTF-8 somehow?
Or is it to store UTF-8 DNS names in the certificate, and let the software
comparing DNS names do any mapping it deems necessary prior to
comparison?
regards,
Nikos
[0]. https://www.ietf.org/mail-archive/web/pkix/current/msg28386.html
--- End Message ---
_______________________________________________
precis mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/precis
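
The mismatch raised in the message above, as an added example that is not part of the original post: the same hostname yields different ASCII forms under IDNA2003 and IDNA2008, so a dNSName written with one version does not match a client that converts with the other. The function names and the sample subjectAltName list are hypothetical, and the IDNA2008 conversion is a simplified one (NFC, lowercase, Punycode per label) that omits the RFC 5892 code point, bidi and contextual checks.

```python
import unicodedata


def to_alabel_idna2003(host):
    """Python's built-in "idna" codec implements IDNA2003 (RFC 3490 + Nameprep)."""
    return host.encode("idna").decode("ascii").lower()


def to_alabel_idna2008_simplified(host):
    """Assumption: simplified IDNA2008 conversion, no validity checks.

    IDNA2008 does not map characters such as U+00DF (sharp s) away; the
    label is Punycode-encoded as written.
    """
    labels = []
    for label in unicodedata.normalize("NFC", host).lower().split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)


def san_matches(host, san_dns_names, to_alabel):
    """Exact, case-insensitive dNSName comparison (wildcards not handled)."""
    wanted = to_alabel(host)
    return any(wanted == san.lower() for san in san_dns_names)


def compare(host, san_dns_names):
    """Return the A-label and the match result under each IDNA version."""
    return {
        "idna2003": (to_alabel_idna2003(host),
                     san_matches(host, san_dns_names, to_alabel_idna2003)),
        "idna2008": (to_alabel_idna2008_simplified(host),
                     san_matches(host, san_dns_names,
                                 to_alabel_idna2008_simplified)),
    }


# Constructed sample: a certificate whose dNSName was produced with IDNA2008.
SAMPLE_SAN_IDNA2008 = ["xn--fa-hia.de"]

if __name__ == "__main__":
    for name in ("faß.de", "münchen.de"):
        print(name, compare(name, SAMPLE_SAN_IDNA2008))
```

A name such as münchen.de converts identically under both versions, so the divergence only affects the characters whose handling changed between the two specifications.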