[UA-discuss] Implementing RFC 8398

Don Hollander don.hollander at icann.org
Sat Jul 14 19:28:42 UTC 2018


Dina,

I fully concur with your rationale.  Getting something working encourages others to get their platform working.  And gives a public comparison point.

We are still looking for an IMAP/POP Open Source application that is EAI ready.

D

From: UA-discuss <ua-discuss-bounces at icann.org> On Behalf Of Dmitry Belyavsky
Sent: Sunday, 15 July 2018 5:36 AM
To: icann at thomascovenant.org
Cc: ua-discuss at icann.org
Subject: Re: [UA-discuss] Implementing RFC 8398

Hello,

the initial diff providing some (poor) visualization can be found here:
https://github.com/openssl/openssl/compare/master...beldmit:rfc8398

On Tue, Jun 19, 2018 at 4:01 PM, Jalkanen Dina Solveig <icann at thomascovenant.org> wrote:
Hey Dmitry,

Implementing RFC 8398 support in OpenSSL is a good first move for the adoption of any TLS specification. Unfortunately, to the best of my knowledge, most major mail clients do not use OpenSSL.
For instance, Thunderbird uses NSS, Android's crypto services are underpinned by BoringSSL as of Android 6.0, and Microsoft Outlook uses Microsoft's own libraries.
As such, the actual impact of getting EAI X.509 certificates usable on the general internet via OpenSSL support is somewhat minimal.

That being said, providing a known good reference implementation has value, especially when combined with solid test cases and examples.
Looking further, since OpenSSL's projects BoringSSL and LibreSSL could directly benefit from this work, it's likely to be an excellent point to begin wider spread deployment and support of RFC 8398.

Given that just enabling IDNs and EAIs to work with email is one aspect of UA work, having PKI simply “just work” with common tools and frameworks is extremely important.
Would be happy to be of help. o/

BR,
Thomas

***
Thomas aka Jalkanen Dina Solveig
Friendly geek in Amsterdam Chaos
https://wiki.techinc.nl/index.php/User:Thomascovenant

On 19.06.2018 10:23, Dmitry Belyavsky wrote:
> Hello,
>
> Some time ago the IETF finalized RFC 8398 (Internationalized Email
> Addresses in X.509 Certificates). It describes using EAI in X.509
> certificates, validation rules of such certificates etc.
>
> There are a lot of standards where ASCII-only email is the only
> option, and new standards allowing the EAI are just appearing. The
> X.509 certificates and the email in them are just one such place.
>
> I'm familiar enough with OpenSSL to implement the RFC 8398
> (Internationalized Email Addresses in X.509 Certificates) standard in
> OpenSSL code, if the UA community is interested enough in it.
>
> Thank you!
> --
> SY, Dmitry Belyavsky




--
SY, Dmitry Belyavsky