On 1/27/23 1:43 PM, Viktor Dukhovni wrote:
> But I don't see how this is relevant to the security of certificate
> validation. If the application wants to authenticate "☕.example", it
> matches the A-label form to the certificate. Perhaps it should have
> refused to communicate with "☕.example", but that question is I think
> at a different layer. If an EAI-capable MUA addresses email to
> "☕.example" (for some domain-name-valued "example"), and traffic to
> that domain is subject to authenticated TLS, then Postfix will
> authenticate "xn--53h.example" (ignoring MX indirection for the moment).

Bingo.
It's unclear to me what kind of text folks want in this document, which
is about certificate validation (with IDNs converted to A-labels) and
not all the fun things one can do with U-labels on the web or elsewhere.
Peter
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
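
The matching step discussed in this message, as an added Python example that is not part of the original thread and is not Postfix code: the reference identifier is converted to A-label form and compared with the certificate's dNSName entries. The function names and the sample SAN lists are constructed for illustration, and the conversion is raw Punycode with no IDNA validity checks, since whether a label such as "☕" should be accepted at all is the separate-layer question raised above.

```python
# Added illustration: hypothetical helper names, constructed sample data.

def to_a_label(label: str) -> str:
    """Return the ASCII (A-label) form of a single DNS label.

    Assumption/simplification: lowercase, then raw Punycode with the
    "xn--" prefix. No IDNA code-point validity checks are performed here.
    """
    label = label.lower()
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")


def to_a_label_name(name: str) -> str:
    """Convert every label of a domain name to its A-label form."""
    return ".".join(to_a_label(part) for part in name.rstrip(".").split("."))


def matches_certificate(reference: str, san_dns_names: list[str]) -> bool:
    """Exact, case-insensitive match of the A-label reference identifier
    against the certificate's dNSName values (wildcards not handled)."""
    ref = to_a_label_name(reference)
    for san in san_dns_names:
        # The comparison is done on A-labels only, so a non-ASCII
        # presented identifier is never treated as a match.
        if not san.isascii():
            continue
        if san.rstrip(".").lower() == ref:
            return True
    return False


if __name__ == "__main__":
    # Constructed SAN list standing in for a parsed certificate.
    sans = ["xn--53h.example", "mail.example"]
    print(to_a_label_name("☕.example"))            # A-label form used for matching
    print(matches_certificate("☕.example", sans))
```
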