DirectoryString in PKIX-1

[<lars.gu.johansson@xxxxxxxxx>]

Hi all,

It is good that the latest draft of part 1 has added BMPString
to the DirectoryString definition.

However, since teletexString is still present, the following
sentences (see below) declares that any certificate that includes
characters (e.g. any europeen language except english) that isn't
included in the 7-bit ASCII format (A-Z, a-z) have to be encoded in
T.61/teletexString.

This is just not acceptable.

As Peter Gutman poited out in the X.509 Guide, T.61 is one of the
"peculiar and strange oddball encodings". His recommendation
is (again quoted): "Avoid this one.  Anyway: Avoid this one".

So, as long as ISO doesn't give us a tag for ISO 8859-1, I guess
we europeans have to live with BMPString encoding. But please:
don't force us to use T.61/teletexString. Take away that option
(or redefine the meaning of "sufficient" below), please!!!

>   The directoryString is defined as a choice of PrintableString,
>   TeletexString, BMPString and UniversalString.  Conforming CAs shall
>   choose from these options as follows:
>
>      (a) if the character set is sufficient, the string will be
>      represented as a PrintableString;
>
>      (b) failing (a), if the teletexString character set is sufficient,
>      the string will be represented as a TeletexString;
>
>      (c) failing (a) and (b), if the bMPString character set is
>      sufficient the string shall be represented as a BMPString; and
>
>      (d) failing (a), (b) and (c), the string shall be represented as a
>      UniversalString.

Regards,
/Lars Johansson
Sweden Post