encoding rules for explicitText (was Re: draft-ietf-pkix-rfc3280bis-11.txt)
Jean-Marc Desperrier wrote:
> Paul Hoffman wrote:
>> At 2:19 PM -0500 2/5/08, David A. Cooper wrote:
>>> 4) Text was added to section 4.2.1.4 to provide further guidance on
>>> the use of the explicitText string from the userNotice policy
>>> qualifier:
>>>     The explicitText string SHOULD NOT include any control
>>>     characters (e.g., U+0000 to U+001F and U+007F to U+009F). When
>>>     the UTF8String encoding is used, all character sequences SHOULD be
>>>     normalized according to Unicode normalization form C (NFC) [NFC].
>> If we want all text to be normalized, we want it for both UTF8String
>> *and* BMPString.
> Would it not be better to simply deprecate BMPString?
> (as well as UniversalString if referenced somewhere)
UniversalString is not an option. explicitText is of type DisplayText,
which is defined as follows:
    DisplayText ::= CHOICE {
         ia5String        IA5String      (SIZE (1..200)),
         visibleString    VisibleString  (SIZE (1..200)),
         bmpString        BMPString      (SIZE (1..200)),
         utf8String       UTF8String     (SIZE (1..200)) }
BMPString and VisibleString are already deprecated. Here is the entire
paragraph from which the new text was quoted.
    An explicitText field includes the textual statement directly in
    the certificate. The explicitText field is a string with a
    maximum size of 200 characters. Conforming CAs SHOULD use the
    UTF8String encoding for explicitText, but MAY use IA5String.
    Conforming CAs MUST NOT encode explicitText as VisibleString or
    BMPString. The explicitText string SHOULD NOT include any control
    characters (e.g., U+0000 to U+001F and U+007F to U+009F). When
    the UTF8String encoding is used, all character sequences SHOULD be
    normalized according to Unicode normalization form C (NFC) [NFC].
The sentence stating that CAs MUST NOT use VisibleString or BMPString
was added in draft -00 of 3280bis.
Dave
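
The rules in the paragraph quoted above, as an added example that is not part of the original message or of any PKIX implementation: a Python linter for one DER-encoded DisplayText value. The names `lint_explicit_text` and `tlv` are hypothetical, and the sample values are constructed.

```python
import unicodedata

# Universal tag numbers of the four DisplayText alternatives, with a codec.
TAGS = {0x0C: ("UTF8String", "utf-8"), 0x16: ("IA5String", "ascii"),
        0x1A: ("VisibleString", "ascii"), 0x1E: ("BMPString", "utf-16-be")}

def lint_explicit_text(der: bytes) -> list:
    """Return findings for one DER-encoded DisplayText (empty list = clean)."""
    if len(der) < 2 or der[0] not in TAGS:
        return ["not a DisplayText alternative"]
    name, codec = TAGS[der[0]]
    # Length octets: short form, or long form with 1-2 octets, which covers
    # any string inside the 200-character limit.
    n, off = der[1], 2
    if n & 0x80:
        k = n & 0x7F
        if k not in (1, 2) or len(der) < 2 + k:
            return ["unsupported or truncated length"]
        n, off = int.from_bytes(der[2:2 + k], "big"), 2 + k
    if len(der) != off + n:
        return ["length does not match content"]
    try:
        text = der[off:].decode(codec)
    except UnicodeDecodeError:
        return ["content is not valid " + name]
    findings = []
    if name in ("VisibleString", "BMPString"):
        findings.append("MUST NOT: encoded as " + name)
    if not 1 <= len(text) <= 200:
        findings.append("SIZE (1..200) violated: %d characters" % len(text))
    if any(ord(c) <= 0x1F or 0x7F <= ord(c) <= 0x9F for c in text):
        findings.append("SHOULD NOT: contains control characters")
    if name == "UTF8String" and unicodedata.normalize("NFC", text) != text:
        findings.append("SHOULD: UTF8String is not NFC-normalized")
    return findings

def tlv(tag: int, content: bytes) -> bytes:
    """Build a constructed sample value (definite length, up to 65535)."""
    n = len(content)
    if n < 0x80:
        head = bytes([n])
    else:
        head = bytes([0x81, n]) if n < 0x100 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + head + content

if __name__ == "__main__":
    for sample in (tlv(0x0C, "Caf\u00e9 CPS".encode()),    # precomposed, clean
                   tlv(0x0C, "Cafe\u0301 CPS".encode()),   # decomposed form
                   tlv(0x1E, "CPS".encode("utf-16-be"))):  # BMPString
        print(sample.hex(), lint_explicit_text(sample))
```

The SIZE check counts decoded characters rather than content octets, so a UTF8String with multi-byte characters is measured the way the 200-character limit is stated.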