Internationalized Email Addresses in X.509 Certificates
RFC 8398
Document | Type |
RFC - Proposed Standard
(May 2018; Errata)
Updates RFC 5280
|
|
---|---|---|---|
Last updated | 2018-12-19 | ||
Replaces | draft-melnikov-spasm-eai-addresses | ||
Stream | IETF | ||
Formats | plain text pdf html bibtex | ||
Reviews | |||
Stream | WG state | Submitted to IESG for Publication | |
Document shepherd | Russ Housley | ||
Shepherd write-up | Show (last changed 2016-12-27) | ||
IESG | IESG state | RFC 8398 (Proposed Standard) | |
Consensus Boilerplate | Yes | ||
Telechat date | |||
Responsible AD | Eric Rescorla | ||
Send notices to | "Russ Housley" <housley@vigilsec.com> | ||
IANA | IANA review state | Version Changed - Review Needed | |
IANA action state | RFC-Ed-Ack |
Internet Engineering Task Force (IETF) A. Melnikov, Ed. Request for Comments: 8398 Isode Ltd Updates: 5280 W. Chuang, Ed. Category: Standards Track Google, Inc. ISSN: 2070-1721 May 2018 Internationalized Email Addresses in X.509 Certificates Abstract This document defines a new name form for inclusion in the otherName field of an X.509 Subject Alternative Name and Issuer Alternative Name extension that allows a certificate subject to be associated with an internationalized email address. This document updates RFC 5280. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8398. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Melnikov & Chuang Standards Track [Page 1] RFC 8398 I18N Mail Addresses in X.509 Certificates May 2018 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Conventions Used in This Document . . . . . . . . . . . . . . 2 3. Name Definitions . . . . . . . . . . . . . . . . . . . . . . 3 4. IDNA2008 . . . . . . . . . . . . . . . . . . . . . . . . . . 4 5. Matching of Internationalized Email Addresses in X.509 Certificates . . . . . . . . . . . . . . . . . . . . . . . . 4 6. Name Constraints in Path Validation . . . . . . . . . . . . . 6 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 9.1. Normative References . . . . . . . . . . . . . . . . . . 8 9.2. Informative References . . . . . . . . . . . . . . . . . 9 Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 10 Appendix B. Example of SmtpUTF8Mailbox . . . . . . . . . . . . . 11 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 1. Introduction [RFC5280] defines the rfc822Name subjectAltName name type for representing email addresses as described in [RFC5321]. The syntax of rfc822Name is restricted to a subset of US-ASCII characters and thus can't be used to represent internationalized email addresses [RFC6531]. This document defines a new otherName variant to represent internationalized email addresses. In addition this document requires all email address domains in X.509 certificates to conform to IDNA2008 [RFC5890]. 2. Conventions Used in This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. The formal syntax uses the Augmented Backus-Naur Form (ABNF) [RFC5234] notation. Melnikov & Chuang Standards Track [Page 2] RFC 8398 I18N Mail Addresses in X.509 Certificates May 2018 3. Name Definitions The GeneralName structure is defined in [RFC5280] and supports many different name forms including otherName for extensibility. This section specifies the SmtpUTF8Mailbox name form of otherName so that internationalized email addresses can appear in the subjectAltName of a certificate, the issuerAltName of a certificate, or anywhere else that GeneralName is used. id-on-SmtpUTF8Mailbox OBJECT IDENTIFIER ::= { id-on 9 } SmtpUTF8Mailbox ::= UTF8String (SIZE (1..MAX)) -- SmtpUTF8Mailbox conforms to Mailbox as specifiedShow full document text