Re: DN Encoding by UTF8String

[Russ Housley <housley@xxxxxxxxxxxx>]

This was added to RFC 2459, and retained in RFC 3280, based on comments 
from Harald Alvestrand.   As most of the recipients know, Harald is the 
Chair of the IETF, and a member of the  IESG.  Tim Polk spent a lot of time 
on this issue, negotiating the exact words with Harald and any others.  The 
desire is for certificate issuers to embrace international character sets.

Beyond this recap of the history, I will let Harald speak for himself.

Russ


----------------------- Original Message -----------------------
From:    Masaki SHIMAOKA <shimaoka@xxxxxxxxxxx>
To:      Tim Polk <tim.polk@xxxxxxxx>, Stephen Kent <kent@xxxxxxx>, 
rhousley@xxxxxxxxxxxxxxx, wford@xxxxxxxxxxxx, dsolo@xxxxxxxxxxxx
Date:    Fri, 05 Dec 2003 16:09:10 +0900
Subject: DN Encoding by UTF8String

Dear Authors and WG Chairs,

RFC3280 mentioned that "all certificates issued after Dec 31, 2003 MUST
use UTF8String encoding".

However, it seems that some applications do not yet support UTF8String
respectably and the detail of name comparison rule does not consider
UTF8String sufficiently.

Therefore, existing CAs using except UTF8String for DN encoding SHOULD
do the following actions until solving these UTF8String problem.

    An encoding for issuer field of the certificates issued after 2004
    SHOULD be same as an encoding for subject field of CA certificate
    already issued.

Is this correct?

Of course, when the UTF8String problem solves, all certificates
issuedMUST use UTF8String encoding.
I worry that some confused CAs issue wrong certificates using UTF8String
encoding forcibly, even though the CA had used another encoding till now.

Best regards,
-----
Masaki SHIMAOKA

SECOM Trust.net
System Engineering Dpt.
Tel: +81 422 91 8498 (ext.3605)
Fax: +81 422 45 0536
e-mail: shimaoka@xxxxxxxxxxx