[UA-discuss] OpenSSL, was Where should IDN translation happen?
Dmitry Belyavsky
beldmit at gmail.com
Wed Nov 14 16:59:26 UTC 2018
On Wed, Nov 14, 2018 at 7:07 PM John Levine <john.levine at standcore.com>
wrote:
> On Wed, 14 Nov 2018, Dmitry Belyavsky wrote:
> > If I read the RFC 8398 correctly, to verify the chain we do not need to
> > punycode anything.
> > We need to unpunycode to compare email with nameConstraints.
>
> I suppose, if you are 100% sure that the UTF-8 email you're comparing it
> with has the domain part fully normalized according to IDNA2008 specs.
>
Got your point.
If nameConstraints and email itself are encoded with the same errors, it
will work;
otherwise we get nasty errors.
--
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ua-discuss/attachments/20181114/5e1f7dda/attachment.html>
More information about the UA-discuss
mailing list