[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: stringprep in 3280bis

To: Tim Polk <tim.polk@xxxxxxxx>
Subject: Re: stringprep in 3280bis
From: "Kurt D. Zeilenga" <Kurt@xxxxxxxxxxxx>
Date: Thu, 22 Jun 2006 16:43:12 -0700
Cc: ietf-pkix@xxxxxxx
In-reply-to: <5.1.0.14.2.20060622102208.02f3ffb0@xxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <> <> <5.1.0.14.2.20060622102208.02f3ffb0@xxxxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Tim,
  
As far as nameprep goes, yes, AllowUnassigned is all about
"stored" v. "query" strings.  So, as you note, domain
label preparation is mostly okay.  (see below comments).

However, I do note that 7.1 says nothing about "stored"
v. "query" strings.  In this case, as one implementation
is preparing both strings in the comparison, treating
both as "stored" should be fine.

-- Kurt

At 02:52 PM 6/22/2006, Tim Polk wrote:
>>To accommodate
>>   internationalized domain names in the current structure, conforming
>>   implementations MUST convert internationalized domain names to the
>>   ASCII Compatible Encoding (ACE) format as specified in section 4 of
>>   RFC 3490 before storage in the dNSName field.  Specifically,
>>   conforming implementations MUST perform the conversion operation
>>   specified in section 4 of RFC 3490 as follows:
>>
>>      * in step 1, the domain name SHALL be considered a "stored
>>      string";
> (additional steps deleted)

You might want to add:
        , hence the AllowUnassigned SHALL NOT be set.

since nameprep uses this flag to indicate the string has "stored"
handling.  Likewise in subsequent bullet set in this section.

>In section 7.3, we did not specify "stored" versus "query", because it does not seem to apply.  In this section 7.3, the domain component attribute contains only a single label, so we only perform the "ToASCII" operation.

It does (via AllowUnassigned).


>>To represent a label from an IDN in the distinguished
>>   name, the implementation MUST perform the "ToASCII" label conversion
>>   specified in section 4.1 of RFC 3490.
>
>As I said, the "ToASCII" operation doesn't seem to care about "stored" versus "query" so we didn't specify it.  However, the "ToASCII" operation does require specification of two additional inputs: the AllowUnassigned flag, and the UseSTD3ASCIIRules flag. We dropped the ball here.  We should have specified that the UseSTD3ASCIIRules flag should be set, and that AllowUassigned flag is *not* set.  (That works out to be the same as "stored" anyway, doesn't it?)

Yes.


>(1) How about the following revision to that sentence in 7.3:
>
>To represent a label from an IDN in the distinguished name, the implementation MUST perform the "ToASCII" label conversion specified in section 4.1 of RFC 3490, where the STD3ASCIIRules flag is set but AllowUnassigned flag is not set.
>(2) If I misinterpreted the specification of "ToASCII", and we do need to specify "stored" vs. "query", we could use this alternate text:
>
>To represent a label from an IDN in the distinguished name, the implementation MUST perform the "ToASCII" label conversion specified in section 4.1 of RFC 3490, where the string preparation is performed as a "stored" string.

I prefer language that explicitly says that the string is to be
regarded as "stored" and (hence) the AllowUnassigned flag is
not set (see my comment regarding 7.2 text).

-- Kurt

References:
- last call for 3280bis
  - From: Stephen Kent
- Re: stringprep in 3280bis
  - From: Tim Polk

Prev by Date: I-D ACTION:draft-ietf-pkix-srvsan-02.txt
Next by Date: RE: last call for 3280bis - escape clause
Previous by thread: Re: stringprep in 3280bis
Next by thread: RE: last call for 3280bis - references
Index(es):
- Date
- Thread