[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: discuss: draft-ietf-pkix-pi-07.txt

To: "Steven M. Bellovin" <smb@research.att.com>
Subject: Re: discuss: draft-ietf-pkix-pi-07.txt
From: Leslie Daigle <leslie@thinkingcat.com>
Date: Thu, 16 Oct 2003 14:17:22 -0400
Cc: Randy Bush <randy@psg.com>, iesg <iesg@ietf.org>, IESG Secretary <iesg-secretary@ietf.org>
References: <20031016082735.0FC337B43@berkshire.research.att.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020826


Sorry -- I was away from my inbox for just over 24 hours,
and didn't catch up with this before the call.

My argument then was:  the value is either an OID or a URI,
which (by definition of those identifiers) means that, in fact,
they will be ascii strings.

I remain concerned that the people writing this document don't
understand URIs well enough, and may be thinking that IRIs
(like URIs, but using UTF-8) will be plug-and-play compatible
with this spec.  A) they won't be and B) *then* you get the
heartache of internationalized string comparision.

See my notes of April 15, 16 and 24, subject
"Re: Evaluation: draft-ietf-pkix-pi - Internet X.509 Public Key Infrastructure Permanent Identifier to Proposed Standard"

Leslie.

Steven M. Bellovin wrote:

In message <E1A9xFi-000ERu-KT@roam.psg.com>, Randy Bush writes:
the rfc-ed has their job cut out for them.

---
i think there are some rituals that have to be followed re utf8, and
they are not being followed.  but i am not an expert in this.  e.g. i
suspect this is deadly
The Alphanumeric Identifier Match rule compares for equality a presented value with an attribute value of type UTF8String or IA5String, which is interpreted as a series of alphanumeric characters. The rules for matching are that a working comparison value is constructed from each of the two values by including only the digits and alphabetic characters appearing in the value; and then the two comparison values are compared using CaseIgnoreMatch. This rule is intended for use only with identifiers in variants of the Latin, Greek, and Cyrillic scripts.
I raised that issue the first time we saw that document. If I recall correctly, Leslie -- who knows far more about that stuff than I do -- persuaded me that it wasn't a problem here.

--Steve Bellovin, http://www.research.att.com/~smb

--

-------------------------------------------------------------------
"Reality:
    Yours to discover."
                               -- ThinkingCat
Leslie Daigle
leslie@thinkingcat.com
-------------------------------------------------------------------

References:
- Re: discuss: draft-ietf-pkix-pi-07.txt
  - From: "Steven M. Bellovin" <smb@research.att.com>

Prev by Date: RE: Tendering regrets for today's call
Next by Date: Nomination for promotion to "Proposed Standard"
Previous by thread: Re: discuss: draft-ietf-pkix-pi-07.txt
Next by thread: Re: discuss: draft-ietf-pkix-pi-07.txt
Index(es):
- Date
- Thread