[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: discuss: draft-ietf-pkix-pi-07.txt
Sorry -- I was away from my inbox for just over 24 hours,
and didn't catch up with this before the call.
My argument then was: the value is either an OID or a URI,
which (by definition of those identifiers) means that, in fact,
they will be ascii strings.
I remain concerned that the people writing this document don't
understand URIs well enough, and may be thinking that IRIs
(like URIs, but using UTF-8) will be plug-and-play compatible
with this spec. A) they won't be and B) *then* you get the
heartache of internationalized string comparision.
See my notes of April 15, 16 and 24, subject
"Re: Evaluation: draft-ietf-pkix-pi - Internet X.509 Public Key Infrastructure Permanent Identifier to Proposed Standard"
Leslie.
Steven M. Bellovin wrote:
In message <E1A9xFi-000ERu-KT@roam.psg.com>, Randy Bush writes:
the rfc-ed has their job cut out for them.
---
i think there are some rituals that have to be followed re utf8, and
they are not being followed. but i am not an expert in this. e.g. i
suspect this is deadly
The Alphanumeric Identifier Match rule compares for equality a
presented value with an attribute value of type UTF8String
or IA5String, which is interpreted as a series of alphanumeric
characters. The rules for matching are that a working comparison
value is constructed from each of the two values by including
only the digits and alphabetic characters appearing in the value;
and then the two comparison values are compared using
CaseIgnoreMatch. This rule is intended for use only with
identifiers in variants of the Latin, Greek, and Cyrillic scripts.
I raised that issue the first time we saw that document. If I recall
correctly, Leslie -- who knows far more about that stuff than I do --
persuaded me that it wasn't a problem here.
--Steve Bellovin, http://www.research.att.com/~smb
--
-------------------------------------------------------------------
"Reality:
Yours to discover."
-- ThinkingCat
Leslie Daigle
leslie@thinkingcat.com
-------------------------------------------------------------------