draft-ietf-lamps-eai-addresses-17.txt   draft-ietf-lamps-eai-addresses-18.txt 
LAMPS A. Melnikov, Ed. LAMPS A. Melnikov, Ed.
Internet-Draft Isode Ltd Internet-Draft Isode Ltd
Updates: 5280 (if approved) W. Chuang, Ed. Updates: 5280 (if approved) W. Chuang, Ed.
Intended status: Standards Track Google, Inc. Intended status: Standards Track Google, Inc.
Expires: August 15, 2018 February 11, 2018 Expires: September 5, 2018 March 4, 2018
Internationalized Email Addresses in X.509 certificates Internationalized Email Addresses in X.509 certificates
draft-ietf-lamps-eai-addresses-17 draft-ietf-lamps-eai-addresses-18
Abstract Abstract
This document defines a new name form for inclusion in the otherName This document defines a new name form for inclusion in the otherName
field of an X.509 Subject Alternative Name and Issuer Alternative field of an X.509 Subject Alternative Name and Issuer Alternative
Name extension that allows a certificate subject to be associated Name extension that allows a certificate subject to be associated
with an Internationalized Email Address. with an Internationalized Email Address.
This document updates RFC 5280. This document updates RFC 5280.
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 15, 2018. This Internet-Draft will expire on September 5, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 7, line 48 skipping to change at page 7, line 48
7. Security Considerations 7. Security Considerations
Use of SmtpUTF8Mailbox for certificate subjectAltName (and Use of SmtpUTF8Mailbox for certificate subjectAltName (and
issuerAltName) will incur many of the same security considerations as issuerAltName) will incur many of the same security considerations as
in Section 8 in [RFC5280], but introduces a new issue by permitting in Section 8 in [RFC5280], but introduces a new issue by permitting
non-ASCII characters in the email address local-part. This issue, as non-ASCII characters in the email address local-part. This issue, as
mentioned in Section 4.4 of [RFC5890] and in Section 4 of [RFC6532], mentioned in Section 4.4 of [RFC5890] and in Section 4 of [RFC6532],
is that use of Unicode introduces the risk of visually similar and is that use of Unicode introduces the risk of visually similar and
identical characters which can be exploited to deceive the recipient. identical characters which can be exploited to deceive the recipient.
The former document references some means to mitigate against these The former document references some means to mitigate against these
attacks. attacks. See [WEBER] for more background on security issues with
Unicode.
8. IANA Considerations 8. IANA Considerations
In Section 3 and the ASN.1 module identifier defined in Appendix A. In Section 3 and the ASN.1 module identifier defined in Appendix A.
IANA is kindly requested to make the following assignments for: IANA is kindly requested to make the following assignments for:
The LAMPS-EaiAddresses-2016 ASN.1 module in the "SMI Security for The LAMPS-EaiAddresses-2016 ASN.1 module in the "SMI Security for
PKIX Module Identifier" registry (1.3.6.1.5.5.7.0). PKIX Module Identifier" registry (1.3.6.1.5.5.7.0).
The SmtpUTF8Mailbox otherName in the "PKIX Other Name Forms" The SmtpUTF8Mailbox otherName in the "PKIX Other Name Forms"
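Review bot: The sentence added at the end of Section 7, "See [WEBER] for more background on security issues with Unicode.", gives background only. The paragraph still leaves mitigation to "the former document" without saying what a certificate issuer or relying party should do about visually similar characters in the local-part. Suggest naming that reference explicitly (as written it reads as Section 4.4 of [RFC5890]) and saying whether [WEBER] is cited for the attack classes only or also for countermeasures. A smaller point: "mitigate against these attacks" would read better as "mitigate these attacks".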
skipping to change at page 9, line 34 skipping to change at page 9, line 34
Email Headers", RFC 6532, DOI 10.17487/RFC6532, February Email Headers", RFC 6532, DOI 10.17487/RFC6532, February
2012, <https://www.rfc-editor.org/info/rfc6532>. 2012, <https://www.rfc-editor.org/info/rfc6532>.
9.2. Informative References 9.2. Informative References
[RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the [RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the
Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, Public Key Infrastructure Using X.509 (PKIX)", RFC 5912,
DOI 10.17487/RFC5912, June 2010, DOI 10.17487/RFC5912, June 2010,
<https://www.rfc-editor.org/info/rfc5912>. <https://www.rfc-editor.org/info/rfc5912>.
[WEBER] Weber, C., "Attacking Software Globalization", March 2010,
<https://www.lookout.net/files/
Chris_Weber_Character%20Transformations%20v1.7_IUC33.pdf>.
Appendix A. ASN.1 Module Appendix A. ASN.1 Module
The following ASN.1 module normatively specifies the SmtpUTF8Mailbox The following ASN.1 module normatively specifies the SmtpUTF8Mailbox
structure. This specification uses the ASN.1 definitions from structure. This specification uses the ASN.1 definitions from
[RFC5912] with the 2002 ASN.1 notation used in that document. [RFC5912] with the 2002 ASN.1 notation used in that document.
[RFC5912] updates normative documents using older ASN.1 notation. [RFC5912] updates normative documents using older ASN.1 notation.
LAMPS-EaiAddresses-2016 LAMPS-EaiAddresses-2016
{ iso(1) identified-organization(3) dod(6) { iso(1) identified-organization(3) dod(6)
internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
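Review bot: The new [WEBER] entry in 9.2 depends on one externally hosted PDF, and its URL is wrapped inside the angle brackets after "files/", so a reader copying it gets a break in the middle of the path. The file name in the URL ("Chris_Weber_Character%20Transformations%20v1.7_IUC33.pdf") also does not match the cited title "Attacking Software Globalization". Suggest confirming the title against the linked document, keeping the URL unbroken, and adding the venue so the reference can still be located if the link moves.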
 End of changes. 5 change blocks. 
4 lines changed or deleted 9 lines changed or added
