
Re: [idn] idn-uri




David Hopwood wrote:

> New SSL/TLS clients can and should use a modified comparison algorithm,
> but the only way to make https: URIs work with old clients is to
> ACE-encode both the name in the URI, and the name in the certificate.

This raises another interesting scenario, which is whether or not the
hostname part should be decoded for certificate comparison, or if the
encoded representation is the only one which can be used until an
extension or negotiation mechanism is made available. E.g., if the hostname
is www.zz--example.com then maybe that is the only form which can be used,
since the decoded form of www.example.com will not match the certificate,
unless there is also some way to specify/negotiate the format in use
(like, try it as the encoded form, then try it as the decoded form, then
fail, as one bad example of an approach).

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/
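
Added example, not part of the original message or the thread: a sketch of comparing the URI hostname and the certificate name in ACE form only, so that the comparison gives one answer whichever form each side arrived in, with no fallback to the decoded form. It assumes the `xn--` prefix and Punycode encoding of the later IDNA standard as implemented by Python's built-in `idna` codec (the `zz--` prefix in the message is a placeholder); the function names and sample hostnames are constructed for illustration.

```python
# Added illustration, not code from the thread.
# Assumption: the "xn--" ACE prefix and Punycode of the later IDNA standard,
# via Python's built-in "idna" codec; the message's "zz--" is a placeholder.

def to_ace(host: str) -> str:
    """Return the lowercase ACE (ASCII) form of a hostname.

    Works on either form: a Unicode name is encoded label by label,
    a name that is already ACE passes through unchanged.
    Raises UnicodeError for empty or over-long labels.
    """
    return host.encode("idna").decode("ascii").lower()


def host_matches_cert(uri_host: str, cert_name: str) -> bool:
    """Compare a URI host with a certificate name in ACE form only.

    Both sides are normalized once; there is no second attempt in the
    decoded form. A name that cannot be encoded fails closed.
    No wildcard handling: exact-name matching only.
    """
    try:
        return to_ace(uri_host) == to_ace(cert_name)
    except UnicodeError:
        return False


# Constructed sample names ("\u00fc" is u-umlaut).
UNICODE_HOST = "www.b\u00fccher.example"
ACE_HOST = "www.xn--bcher-kva.example"

if __name__ == "__main__":
    # What an old client does: plain string comparison.
    print("byte compare:", UNICODE_HOST == ACE_HOST)
    print("ACE compare :", host_matches_cert(UNICODE_HOST, ACE_HOST))
    print("lookalike   :", host_matches_cert("www.bucher.example", ACE_HOST))
    print("bad label   :", host_matches_cert("www..example", ACE_HOST))
```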