On Fri, Jan 25, 2019 at 2:01 PM Buschart, Rufus <rufus.busch...@siemens.com> wrote:
> > Von: Ryan Sleevi <r...@sleevi.com> > > > > The CA can perform ToASCII(ToUnicode(label)) == label to validate. > > Sorry to be picky, but this check only proofs that a label is a valid IDNA > label but not that it is _not_ a weird server name. > Picky is good! Obviously I'm very picky ;) What's not clear to me is why that distinction is relevant, particularly on the validation side of things. IDNA-aware software will, by virtue of being IDNA-aware, treat it as an A-label if it's a valid ACE label with the ACE prefix, and, correspondingly, transform into a U-Label if they see it as appropriate. From the discussion you were having with Jakob, it's not clear the relevance of that point about 'weird hostname' vs 'U-label' - perhaps I missed something? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy