On Thu, 24 Jan 2019 11:14:11 +0000 "Buschart, Rufus via dev-security-policy" <dev-security-policy@lists.mozilla.org> wrote:
> You are right, of course there are mandatory RFC to take into > account. But there is - to my knowledge - no RFC that says, you MUST > NOT issue a certificate to a domain that could be interpreted as an > IDNA2008 punycode. https://tools.ietf.org/html/rfc5891 4.2.3.1. Hyphen Restrictions The Unicode string MUST NOT contain "--" (two consecutive hyphens) in the third and fourth character positions and MUST NOT start or end with a "-" (hyphen). This means you can't have a valid host name that is just xn--[something]. You can only have it if it is also a valid IDN name. -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy