On Sat, Jul 7, 2018 at 4:07 AM, Kurt Roeckx via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> On Fri, Jul 06, 2018 at 02:43:45PM -0700, Peter Bowen via dev-security-policy wrote:
> > In reviewing a recent CA application, the question came up of what is
> > allowed in a certificate in data encoded as "TeletexString" (which is
> > also sometimes called T61String).
> >
> > Specifically, certlint will report an error if a TeletexString
> > contains any characters not in the "Teletex Primary Set of Graphic
> > Characters" unless the TeletexString contains an escape sequence. For
> > example, including 'ä', or 'ö' will trigger this error unless preceded
> > by an escape sequence.
> >
> > In order to figure out what can be used, one needs to reference X.690
> > Table 3, which notes that G0 is assumed to start with character set
> > 102. Character set 102 is defined at
> > https://www.itscj.ipsj.or.jp/iso-ir/102.pdf. Note that 102 isn't the
> > same as ASCII nor is it the same as the first part of Unicode.
>
> I'm not sure why you bring this up. Anyway, according to X.690,
> the default is:
>
> G0: 102
> C0: 106
> C1: 107
>
> Or as escape sequences and locking shift:
> ESC 2/8 7/5 LS0 (G0 102, locking shift 0)
> ESC 2/1 4/5 (C0 106)
> ESC 2/2 4/8 (C1 107)
>
> But what is just as important is that G1 does not have a default,
> while at least some people assume it's 103. While 102 is close to
> ASCII, there is nothing for G1 that is close to latin1.

This came up in a recent CA review, in which a CA did not properly escape, but stated that the vendor told them this is correct. See https://bug1417041.bmoattachments.org/attachment.cgi?id=8985908
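
Added example, not part of the thread and not certlint's code: a Python check that converts the column/row escape sequences quoted above into bytes and applies the rule as described in the thread (flag bytes outside the primary set unless the string contains an escape sequence). The list of positions unassigned in character set 102 is an assumption to verify against the ISO-IR 102 registration, and the function names and sample values are constructed for illustration.

```python
ESC, LS0 = 0x1B, 0x0F  # ISO 2022 ESCAPE and LOCKING SHIFT ZERO

def encode_sequence(text):
    """Turn column/row notation such as 'ESC 2/8 7/5 LS0' into bytes."""
    named = {"ESC": ESC, "LS0": LS0}
    out = []
    for token in text.split():
        if token in named:
            out.append(named[token])
        else:
            col, row = token.split("/")          # x/y means byte 16*x + y
            out.append(int(col) * 16 + int(row))
    return bytes(out)

# The X.690 defaults exactly as quoted in the thread.
X690_DEFAULTS = {
    "G0=102": encode_sequence("ESC 2/8 7/5 LS0"),
    "C0=106": encode_sequence("ESC 2/1 4/5"),
    "C1=107": encode_sequence("ESC 2/2 4/8"),
}

# ASSUMPTION: 7-bit positions that ISO-IR 102 leaves unassigned
# (ASCII would have \ ^ ` { } ~ here). Check against the registration PDF.
UNASSIGNED_IN_102 = frozenset({0x5C, 0x5E, 0x60, 0x7B, 0x7D, 0x7E})

def lint_teletex(value):
    """Return (offset, byte, reason) findings for TeletexString content octets.

    Mirrors the rule described in the thread: a string that contains an
    escape sequence is not flagged. The designated set is NOT validated.
    """
    if ESC in value:
        return []
    findings = []
    for offset, byte in enumerate(value):
        if not 0x20 <= byte <= 0x7E:
            findings.append((offset, byte, "outside the G0 graphic range"))
        elif byte in UNASSIGNED_IN_102:
            findings.append((offset, byte, "unassigned in character set 102"))
    return findings

# Constructed sample values (not taken from any real certificate).
SAMPLES = [b"Example CA", "M\u00e4kinen Oy".encode("latin-1"), b"Unit {A}"]

if __name__ == "__main__":
    for name, seq in X690_DEFAULTS.items():
        print(name, seq.hex(" "))
    for sample in SAMPLES:
        print(sample, lint_teletex(sample))
```
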