[UA-discuss] Implementing RFC 8398
Dmitry Belyavsky
beldmit at gmail.com
Sat Jul 14 17:35:54 UTC 2018
Hello,
the initial diff providing some (poor) visualization can be found here:
https://github.com/openssl/openssl/compare/master...beldmit:rfc8398
On Tue, Jun 19, 2018 at 4:01 PM, Jalkanen Dina Solveig <
icann at thomascovenant.org> wrote:
> Hey Dmitry,
>
> Implementing RFC 8398 support in OpenSSL is a good first move for the
> adoption of any TLS specification. Unfortunately, to the best of my
> knowledge, most major mail clients do not use OpenSSL.
> For instance, Thunderbird uses NSS, Android's crypto services are
> underpinned by BoringSSL as of Android 6.0, and Microsoft Outlook uses
> Microsoft's own libraries.
> As such, the actual impact of getting EAI X.509 certificates usable on the
> general internet via OpenSSL support is somewhat minimal.
>
> That being said, providing a known good reference implementation has
> value, especially when combined with solid test cases and examples.
> Looking further, since OpenSSL's projects BoringSSL and LibreSSL could
> directly benefit from this work, it's likely to be an excellent point to
> begin wider spread deployment and support of RFC 8398.
>
> Given that just enabling IDNs and EAIs to work with email is one aspect of
> UA work, having PKI simply “just work” with common tools and frameworks is
> extremely important.
> Would be happy to be of help. o/
>
> BR,
> Thomas
>
> ***
> Thomas aka Jalkanen Dina Solveig
> Friendly geek in Amsterdam Chaos
> https://wiki.techinc.nl/index.php/User:Thomascovenant
>
> On 19.06.2018 10:23, Dmitry Belyavsky wrote:
> > Hello,
> >
> > Some time ago IETF has finalized RFC 8398 (Internationalized Email
> > Addresses in X.509 Certificates). It describes using EAI in X.509
> > certificates, validation rules of such certificates etc.
> >
> > There are a lot of standards where ASCII-only email is the only
> > option, and new standards allowing the EAI are just appearing. The
> > X.509 certificates and email in it is just one such a place.
> >
> > I'm familiar with OpenSSL enough to implement the RFC 8398
> > (Internationalized Email Addresses in X.509 Certificates) standard in
> > OpenSSL code, if the UA community is interested enough in it.
> >
> > Thank you!
> > --
> > SY, Dmitry Belyavsky
>
>
>
--
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ua-discuss/attachments/20180714/07cc943f/attachment.html>
More information about the UA-discuss
mailing list