... >Does that address your question/comment?No, that is a different topic completely. The first major exception listed in draft-cooper-pkix-rfc5280-impl-report-00.txt covers processing rules for internationalized names. His report says that no implementations could be found.
Whoops.This is primarily a client issue, right? Section 7.1 established a MUST for comparison of IDNs, based on the LDAP StringPrep profile. Clients need to perform comparisons, e.g., a CA Subject name to CA name in a CRL, etc. I reread David's comment as to why this would not be a problems client, due to CA adherence to uniform encoding of names, but you are right that we don't have an obvious way to address this apparent lack of conformance.
Russ & Tim, how would you like PKIX to proceed? We could wait for compliant implementations to appear (and we can try to encourage such), or we could downgrade the MUST to a SHOULD (but would the IESG be satisfied with this, given what I perceive as an overall desire to push for UTF8 support?).
Steve
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.