[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DN Encoding by UTF8String

To: Tim Polk <tim.polk@xxxxxxxx>, Stephen Kent <kent@xxxxxxx>, rhousley@xxxxxxxxxxxxxxx, wford@xxxxxxxxxxxx, dsolo@xxxxxxxxxxxx
Subject: DN Encoding by UTF8String
From: Masaki SHIMAOKA <shimaoka@xxxxxxxxxxx>
Date: Fri, 05 Dec 2003 16:09:10 +0900
Cc: IETF-PKIX <ietf-pkix@xxxxxxx>
Delivered-to: alias-map-ietf-pkix@imc.org@MAP
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Dear Authors and WG Chairs,

RFC3280 mentioned that "all certificates issued after Dec 31, 2003 MUST
use UTF8String encoding".

However, it seems that some applications do not yet support UTF8String
respectably and the detail of name comparison rule does not consider
UTF8String sufficiently.

Therefore, existing CAs using except UTF8String for DN encoding SHOULD
do the following actions until solving these UTF8String problem.

    An encoding for issuer field of the certificates issued after 2004
    SHOULD be same as an encoding for subject field of CA certificate
    already issued.

Is this correct?

Of course, when the UTF8String problem solves, all certificates
issuedMUST use UTF8String encoding.
I worry that some confused CAs issue wrong certificates using UTF8String
encoding forcibly, even though the CA had used another encoding till now.

Best regards,
-----
Masaki SHIMAOKA

SECOM Trust.net
System Engineering Dpt.
Tel: +81 422 91 8498 (ext.3605)
Fax: +81 422 45 0536
e-mail: shimaoka@xxxxxxxxxxx

Prev by Date: RE: DISCUSS: MUST reject in OCSPv1
Next by Date: RE: DISCUSS: MUST reject in OCSPv1
Previous by thread: I-D ACTION:draft-ietf-pkix-acpolicies-extn-05.txt
Next by thread: Re: DN Encoding by UTF8String
Index(es):
- Date
- Thread