All, 

We’ve recently become aware that some CAs have issued certificates containing 
punycode-encoded domain labels compatible with IDNA2008 that are not 
compatible with IDNA2003. 

Our own interpretation is that IDNA2008 is currently not permitted. While the 
LDH, Non-Reserved LDH and XN label definitions reference RFC 5890, they only 
quote a very specific part of it. Meanwhile the P-Label definition directly 
references RFC3492 for encoding. Likewise, RFC5280, which the BRs require 
adherence to, both reference IDNA2003 (RFC3490). (Side note: I believe RFC9549 
aims to rectify the issue with RFC5280.) 

As a note, ballot SC48v2 updated the language to the current definition. 

I’m looking for the opinions of this group as to their interpretations, as well 
as opinions if we indeed want to allow IDNA2008 and make this clear within the 
language. 

Regards, 

Martijn 
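
The distinction raised in the message above can be checked mechanically. The following is an added example, not part of the original message or of any CA/B Forum tooling: it decodes each `xn--` label per RFC 3492 and re-encodes it with Python's standard-library IDNA2003 codec, flagging labels that do not round-trip. The function names and the sample dNSName values are constructed for illustration, and treating the stdlib codec as the IDNA2003 reference is an assumption.

```python
import encodings.idna  # stdlib codec implementing IDNA2003 (RFC 3490) ToASCII

ACE_PREFIX = "xn--"


def classify_label(label):
    """Classify one DNS label as 'non-xn', 'invalid-punycode',
    'idna2003-ok' or 'not-idna2003' (hypothetical helper)."""
    lower = label.lower()
    if not lower.startswith(ACE_PREFIX):
        return "non-xn"
    try:
        # RFC 3492 decoding of the part after the ACE prefix.
        u_label = lower[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    except UnicodeError:
        return "invalid-punycode"
    try:
        # IDNA2003 ToASCII runs nameprep (mapping, NFKC, prohibited
        # characters) before punycode-encoding the result again.
        round_trip = encodings.idna.ToASCII(u_label).decode("ascii")
    except UnicodeError:
        return "not-idna2003"
    # A label that nameprep would have mapped to something else (for
    # example U+00DF to "ss") cannot be the output of IDNA2003 ToASCII.
    return "idna2003-ok" if round_trip == lower else "not-idna2003"


def flag_names(dns_names):
    """Map each dNSName to the labels that fail the IDNA2003 round trip."""
    flagged = {}
    for name in dns_names:
        bad = [lab for lab in name.split(".")
               if classify_label(lab) in ("not-idna2003", "invalid-punycode")]
        if bad:
            flagged[name] = bad
    return flagged


# Constructed sample SAN dNSName values, not taken from any real certificate.
SAMPLE_SANS = [
    "www.example.com",
    "xn--mnchen-3ya.example",   # U-label with u-umlaut, same in both versions
    "xn--strae-oqa.example",    # U-label with sharp s, only valid in IDNA2008
]

if __name__ == "__main__":
    for name, labels in flag_names(SAMPLE_SANS).items():
        print(f"{name}: labels not producible by IDNA2003: {labels}")
```

A result of `not-idna2003` is a lint signal that the label needs review against the profile in force, not a verdict on IDNA2008 validity, which this check does not evaluate.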

_______________________________________________
Servercert-wg mailing list
Servercert-wg@cabforum.org
https://lists.cabforum.org/mailman/listinfo/servercert-wg