Re: encoding rules for explicitText (was Re: draft-ietf-pkix-rfc3280bis-11.txt)

[Paul Hoffman <paul.hoffman@xxxxxxxx>]

At 9:01 AM -0500 2/6/08, David A. Cooper wrote:
> BMPString and VisibleString are already deprecated.  Here is the 
> entire paragraph from which the new text was quoted.
>
>   An explicitText field includes the textual statement directly in
>   the certificate.  The explicitText field is a string with a
>   maximum size of 200 characters.  Conforming CAs SHOULD use the
>   UTF8String encoding for explicitText, but MAY use IA5String.
>   Conforming CAs MUST NOT encode explicitText as VisibleString or
>   BMPString.  The explicitText string SHOULD NOT include any control
>   characters (e.g., U+0000 to U+001F and U+007F to U+009F).  When
>   the UTF8String encoding is used, all character sequences SHOULD be
>   normalized according to Unicode normalization form C (NFC) [NFC].
>
> The sentence stating that CAs MUST NOT use VisibleString or 
> BMPString was added in draft -00 of 3280bis.

Whoops, sorry, missed that. No problem then.

(The really picky among us would say that you do not need to say 
"When the UTF8String encoding is used," because you can use NFC on 
pure ASCII text as a no-op, but that will cause some developers to 
pull in a full NFC library for nothing...)

--Paul Hoffman, Director
--VPN Consortium