[UA-discuss] OpenSSL, was Where should IDN translation happen?

Michael Casadevall michael at casadevall.pro
Wed Nov 14 14:18:33 UTC 2018


Replies inline.

On 11/14/18 3:04 AM, Dmitry Belyavsky wrote:
> Dear John,
> 
> As I wrote before, I've started to implement RFC 8399 and the
> show-stopper for now is obtaining a set of test cases.
> 

The UASG document talking about library support has a list of test cases
although I'm not sure they're exhaustive. It's a starting point anyway.

> OpenSSL team does not want to link OpenSSL with, say, libidn (and to
> implement IDN conversion inside the library for domains). 
> I've found out that 2-3 functions inherited from RFC 3492 will fit all
> the purposes necessary to implement RFC 8399.
> 

Is there an email conversation or bug report I can read to catch up on
upstream's current state of mind on this?

Secondly, what's your current progress on this? It was your original
posting that inspired me to look at this (and I think I commented on it
then). OpenSSL is under a weird license so they really can't link to
external libraries and not to (L)GPL code so adding the necessary
support for U-labels will likely require rolling your own code or
finding an implementation in the public domain and cutting it down to
size for direct embedding in the BIO module of OpenSSL.

Getting support for U-labels will be a major win for IDNs as it
simplifies IDNs for all OpenSSL applications, and opens the door to
getting EAI S/MIME working. I'd also like to see a fairly extensive
shakedown of TLS in general with IDNs to see if we can shake loose any
bugs especially in regards to revocation, OCSP stapling, AIA, and
certificate transparency.

Michael
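
The thread's point that a few functions from RFC 3492 would be enough to turn A-labels back into U-labels, shown as an added example (not OpenSSL's code and not the patch discussed above): a Punycode decoder in C with the bounds and overflow checks that embedded certificate-handling code needs. The names `puny_decode`, `digit_of` and `adapt` are chosen here, and IDNA validity checks on the decoded label are out of scope.

```c
#include <stdint.h>
#include <string.h>
enum { BASE = 36, TMIN = 1, TMAX = 26, SKEW = 38, DAMP = 700, BIAS0 = 72, N0 = 128 };
/* Punycode digit value of an ASCII character, or BASE if it is not a digit. */
static uint32_t digit_of(unsigned char c)
{
    if (c >= '0' && c <= '9') return (uint32_t)(c - '0') + 26;
    if ((c | 0x20) >= 'a' && (c | 0x20) <= 'z') return (uint32_t)((c | 0x20) - 'a');
    return BASE;
}

/* Bias adaptation from RFC 3492, section 6.1. */
static uint32_t adapt(uint32_t delta, uint32_t npoints, int first)
{
    uint32_t k = 0;
    delta = first ? delta / DAMP : delta / 2;
    delta += delta / npoints;
    for (; delta > ((BASE - TMIN) * TMAX) / 2; k += BASE) delta /= BASE - TMIN;
    return k + (BASE - TMIN + 1) * delta / (delta + SKEW);
}

/* Decode the part of an A-label after "xn--" into code points; -1 on bad input. */
int puny_decode(const char *in, size_t len, uint32_t *out, size_t max)
{
    uint32_t n = N0, i = 0, bias = BIAS0, w, k, d, t, oldi;
    size_t b = 0, j, pos, cnt;
    for (j = 0; j < len; j++) if (in[j] == '-') b = j;    /* last delimiter */
    if (b > max) return -1;
    for (j = 0; j < b; j++)                               /* literal part: ASCII only */
        if ((out[j] = (unsigned char)in[j]) >= 0x80) return -1;
    for (cnt = b, pos = b > 0 ? b + 1 : 0; pos < len; cnt++) {
        for (oldi = i, w = 1, k = BASE; ; k += BASE) {
            if (pos >= len || (d = digit_of((unsigned char)in[pos++])) >= BASE) return -1;
            if (d > (UINT32_MAX - i) / w) return -1;      /* i would overflow */
            i += d * w;
            t = k <= bias ? TMIN : k >= bias + TMAX ? TMAX : k - bias;
            if (d < t) break;
            if (w > UINT32_MAX / (BASE - t)) return -1;   /* w would overflow */
            w *= BASE - t;
        }
        bias = adapt(i - oldi, (uint32_t)cnt + 1, oldi == 0);
        if (cnt >= max || i / (cnt + 1) > 0x10FFFF - n) return -1; /* full, or past U+10FFFF */
        n += i / (uint32_t)(cnt + 1);
        i %= (uint32_t)(cnt + 1);
        memmove(out + i + 1, out + i, (cnt - i) * sizeof *out);
        out[i++] = n;
    }
    return (int)cnt;
}
```

Truncated input, non-digit characters and an undersized output buffer all return -1 rather than a partial label, so a caller comparing names never sees a half-decoded result.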
