Re: discuss: draft-ietf-pkix-pi-07.txt

[Harald Tveit Alvestrand <harald@alvestrand.no>]

--On 16. oktober 2003 04:27 -0400 "Steven M. Bellovin" 
<smb@research.att.com> wrote:

> > i think there are some rituals that have to be followed re utf8, and
> > they are not being followed.  but i am not an expert in this.  e.g. i
> > suspect this is deadly
> >
> >      The Alphanumeric Identifier Match rule compares for equality a
> >      presented value with an attribute value of type UTF8String
> >      or IA5String, which is interpreted as a series of alphanumeric
> >      characters.  The rules for matching are that a working comparison
> >      value is constructed from each of the two values by including
> >      only the digits and alphabetic characters appearing in the value;
> >      and then the two comparison values are compared using
> >      CaseIgnoreMatch.  This rule is intended for use only with
> >      identifiers in variants of the Latin, Greek, and Cyrillic scripts.
>
> I raised that issue the first time we saw that document.  If I recall
> correctly, Leslie -- who knows far more about that stuff than I do --
> persuaded me that it wasn't a problem here.

I'm holding a DISCUSS on this paragraph. If they solve the problem by 
limiting the string to ASCII, that's fine with me.

Note (something I realized only on re-reading Leslie's comment): this 
matching rule will match http://com.net.org/ with http://com.net/org. This 
may be a bad idea.

                         Harald