[UA-discuss] OpenSSL, was Where should IDN translation happen?
John Levine
john.levine at standcore.com
Thu Nov 15 15:29:15 UTC 2018
On Thu, 15 Nov 2018, Michael Casadevall wrote:
> I was referring to how the From header in the email is used by MTAs and
> how it relates to S/MIME, and why the u-label needs to be in the
> certificate *or* verification has to allow for conversion on the fly.
Actually, it needs both. I agree with Viktor that when you're creating
the certificate you can assume the CA is sending you good data. But when
you're using it, you're going to be testing it against whatever junk the
MUA or the user provides.
For example, assume the name in the cert is exámple, and the user checks
it against exámple except that the user's UTF-8 has an unnormalized a'
rather than a precomposed á. One possibility would be to normalize it and
compare and say yes. Another would be to check the code points and reject
it as not a valid U-label. But it would be wrong to decode the punycode,
compare the UTF-8, and say nope, they're different.
Regards,
John Levine, john.levine at standcore.com
Standcore LLC
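
The three outcomes described in the message above, as an added example that is not part of the original post or of OpenSSL. The function names and sample values are constructed for illustration, and the NFC check stands in for full U-label validation, which has further rules.

```python
import unicodedata

# Constructed sample values (not from the original message).
PRECOMPOSED = "ex\u00e1mple"    # U+00E1, already in NFC
DECOMPOSED = "exa\u0301mple"    # 'a' + U+0301 combining acute, not NFC
# A-label as it would sit in the certificate, built from the NFC form.
CERT_A_LABEL = "xn--" + PRECOMPOSED.encode("punycode").decode("ascii")


def decode_a_label(a_label: str) -> str:
    """Punycode-decode one 'xn--' label; plain ASCII labels are lowercased."""
    label = a_label.lower()
    if not label.startswith("xn--"):
        return label
    return label[4:].encode("ascii").decode("punycode")


def naive_match(cert_a_label: str, presented: str) -> bool:
    """The wrong check: decode the punycode and compare raw code points."""
    return decode_a_label(cert_a_label) == presented


def normalizing_match(cert_a_label: str, presented: str) -> bool:
    """First option: normalize the presented name to NFC, then compare."""
    return decode_a_label(cert_a_label) == unicodedata.normalize("NFC", presented)


def strict_match(cert_a_label: str, presented: str) -> bool:
    """Second option: refuse input that is not NFC as an invalid U-label."""
    if unicodedata.normalize("NFC", presented) != presented:
        raise ValueError("presented name is not a valid U-label (not NFC)")
    return decode_a_label(cert_a_label) == presented


if __name__ == "__main__":
    print("naive:", naive_match(CERT_A_LABEL, DECOMPOSED))
    print("normalizing:", normalizing_match(CERT_A_LABEL, DECOMPOSED))
    try:
        strict_match(CERT_A_LABEL, DECOMPOSED)
    except ValueError as exc:
        print("strict: rejected,", exc)
```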