
Re: [pkix] way forward for 5280



Michael StJohns wrote:
Steve - to clarify, IA5String moves to a SHOULD NOT or a MUST NOT? 

Or is it SHOULD NOT on create and MUST or SHOULD on the accept?
Here is the text that I have prepared for inclusion in the update RFC based on Steve's proposal, which I interpreted as requesting that VisibleString become a MAY and IA5String become a MUST NOT:

   RFC 5280, Section 4.2.1.4, the tenth paragraph says:

|  An explicitText field includes the textual statement directly in
|  the certificate.  The explicitText field is a string with a
|  maximum size of 200 characters.  Conforming CAs SHOULD use the
|  UTF8String encoding for explicitText, but MAY use IA5String.
|  Conforming CAs MUST NOT encode explicitText as VisibleString or
|  BMPString.  The explicitText string SHOULD NOT include any control
|  characters (e.g., U+0000 to U+001F and U+007F to U+009F).  When
|  the UTF8String encoding is used, all character sequences SHOULD be
|  normalized according to Unicode normalization form C (NFC) [NFC].

   This paragraph is replaced with:

|  An explicitText field includes the textual statement directly in
|  the certificate.  The explicitText field is a string with a
|  maximum size of 200 characters.  Conforming CAs SHOULD use the
|  UTF8String encoding for explicitText, but MAY use VisibleString.
|  Conforming CAs MUST NOT encode explicitText as IA5String or
|  BMPString.  The explicitText string SHOULD NOT include any control
|  characters (e.g., U+0000 to U+001F and U+007F to U+009F).  When
|  the UTF8String encoding is used, all character sequences SHOULD be
|  normalized according to Unicode normalization form C (NFC) [NFC].



At 11:53 AM 11/16/2009, Stephen Kent wrote:
As noted in the meeting minutes, we need to make a minor revision to RFC 5280, so that it can progress, based on the implementation report generated by David Cooper.
David provided a thorough analysis of the options for string types for use with the user notice qualifier. Based on David's analysis, I suggest that we allow Visible String as a MAY, but keep use of UTF8 as the SHOULD. I agree with David's suggestion that we consider dropping IA5. It doesn't appear to add any characters useful over Visible String, and it includes control characters, which might be used in malicious ways.

Does anyone object to this change, i.e., drop IA5, put VisibleString back as a MAY, and keep the SHOULD for UTF8.

If I hear no substantive arguments to the contrary by Friday, I will ask David to make this change and post the revised document. We will then begin a 2 week WGLC.

During this last call, ONLY comments on the revised text will be considered.

After WGLC, we will forward the document to Tim and the IESG.

Thanks,

Steve
_______________________________________________
pkix mailing list
pkix at ietf.org
https://www.ietf.org/mailman/listinfo/pkix
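The rules in the replacement paragraph above (UTF8String SHOULD, VisibleString MAY, IA5String and BMPString MUST NOT, at most 200 characters, no C0/C1 control characters, NFC for UTF8String) are easy to state and easy to get subtly wrong in a decoder, particularly the character-versus-byte limit and the distinction between IA5String (all of ISO 646, controls included) and VisibleString (printable 0x20-0x7E only). The following Python is an added example written for this page, not code from the pkix list, RFC 5280 or any CA implementation. It decodes a single DER-encoded explicitText value and reports the first rule it violates. The tag numbers are the standard universal ASN.1 tags; the helper names (`check_explicit_text`, `der_string`) and the sample values are constructed for the example.

```python
"""Check an RFC 5280 user-notice explicitText (DER) against the proposed
string-type rules.  Added example; not code from the pkix thread or RFC 5280.
"""
import unicodedata

# Universal-class ASN.1 tag numbers for the string types discussed in the thread
TAG_UTF8STRING = 0x0C
TAG_IA5STRING = 0x16
TAG_VISIBLESTRING = 0x1A
TAG_BMPSTRING = 0x1E

MAX_CHARS = 200  # the limit is in characters, not bytes


def _der_len(n: int) -> bytes:
    """Minimal DER length encoding (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_string(tag: int, text: str) -> bytes:
    """Encode text as a primitive DER string of the given tag (test-vector helper)."""
    if tag == TAG_BMPSTRING:
        body = text.encode("utf-16-be")
    elif tag == TAG_UTF8STRING:
        body = text.encode("utf-8")
    else:  # IA5String / VisibleString: 7-bit, as bytes
        body = text.encode("ascii")
    return bytes([tag]) + _der_len(len(body)) + body


def _der_tlv(data: bytes):
    """Decode one primitive DER TLV; return (tag, value, bytes_consumed)."""
    if len(data) < 2:
        raise ValueError("truncated TLV")
    tag, first = data[0], data[1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag not expected for a string type")
    if first < 0x80:
        length, offset = first, 2
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            raise ValueError("bad long-form length")
        length, offset = int.from_bytes(data[2:2 + n], "big"), 2 + n
        if length < 0x80 or data[2] == 0:
            raise ValueError("non-minimal DER length")
    end = offset + length
    if end > len(data):
        raise ValueError("length exceeds available data")
    return tag, data[offset:end], end


def _has_control(text: str) -> bool:
    """True if any C0 (U+0000..U+001F, U+007F) or C1 (U+0080..U+009F) control is present."""
    return any(ord(c) <= 0x1F or 0x7F <= ord(c) <= 0x9F for c in text)


def check_explicit_text(der: bytes) -> str:
    """Return "ok" or a short reason naming the first rule the value violates."""
    tag, value, consumed = _der_tlv(der)
    if consumed != len(der):
        return "trailing bytes after explicitText"
    if tag == TAG_IA5STRING:
        return "IA5String is MUST NOT (includes control characters)"
    if tag == TAG_BMPSTRING:
        return "BMPString is MUST NOT"
    if tag == TAG_VISIBLESTRING:
        # VisibleString is exactly the printable ISO 646 range; ESC etc. cannot appear
        if any(b < 0x20 or b > 0x7E for b in value):
            return "VisibleString contains a non-printable byte"
        text = value.decode("ascii")
    elif tag == TAG_UTF8STRING:
        try:
            text = value.decode("utf-8")  # rejects overlongs and encoded surrogates
        except UnicodeDecodeError:
            return "malformed UTF-8"
    else:
        return f"unexpected tag 0x{tag:02x}"
    if len(text) > MAX_CHARS:  # count code points after decoding, not bytes
        return f"{len(text)} characters exceeds {MAX_CHARS}"
    if _has_control(text):
        return "control character present (SHOULD NOT)"
    if tag == TAG_UTF8STRING and unicodedata.normalize("NFC", text) != text:
        return "UTF8String not in NFC (SHOULD)"
    return "ok"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real certificate
    samples = {
        "utf8 plain": der_string(TAG_UTF8STRING, "Certificate issued under policy 1.2.3"),
        "ia5 plain": der_string(TAG_IA5STRING, "plain"),
        "visible with ESC": der_string(TAG_VISIBLESTRING, "\x1b[31mALERT"),
        "utf8 decomposed": der_string(TAG_UTF8STRING, "e\u0301"),
        "utf8 200 x e-acute (400 bytes)": der_string(TAG_UTF8STRING, "\u00e9" * 200),
        "utf8 201 chars": der_string(TAG_UTF8STRING, "a" * 201),
    }
    for name, der in samples.items():
        print(f"{name:32s} -> {check_explicit_text(der)}")
```

Two points the samples make concrete: an IA5String is rejected on its tag alone, so a terminal escape sequence smuggled into it never reaches a display path, while the same bytes in a VisibleString fail the printable-range check; and a 200-character UTF8String of non-ASCII text is 400 bytes and still conforms, because the limit counts characters.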