Internationalized Email Addresses in X.509 Certificates
RFC 8398
| Document | Type |
RFC - Proposed Standard
(May 2018; Errata)
Updates RFC 5280
|
|
|---|---|---|---|
| Last updated | 2018-07-11 | ||
| Replaces | draft-melnikov-spasm-eai-addresses | ||
| Stream | IETF | ||
| Formats | plain text pdf html bibtex | ||
| Reviews | |||
| Stream | WG state | Submitted to IESG for Publication | |
| Document shepherd | Russ Housley | ||
| Shepherd write-up | Show (last changed 2016-12-27) | ||
| IESG | IESG state | RFC 8398 (Proposed Standard) | |
| Consensus Boilerplate | Yes | ||
| Telechat date | |||
| Responsible AD | Eric Rescorla | ||
| Send notices to | "Russ Housley" <housley@vigilsec.com> | ||
| IANA | IANA review state | Version Changed - Review Needed | |
| IANA action state | RFC-Ed-Ack | ||
Internet Engineering Task Force (IETF) A. Melnikov, Ed.
Request for Comments: 8398 Isode Ltd
Updates: 5280 W. Chuang, Ed.
Category: Standards Track Google, Inc.
ISSN: 2070-1721 May 2018
Internationalized Email Addresses in X.509 Certificates
Abstract
This document defines a new name form for inclusion in the otherName
field of an X.509 Subject Alternative Name and Issuer Alternative
Name extension that allows a certificate subject to be associated
with an internationalized email address.
This document updates RFC 5280.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8398.
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Melnikov & Chuang Standards Track [Page 1]
RFC 8398 I18N Mail Addresses in X.509 Certificates May 2018
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions Used in This Document . . . . . . . . . . . . . . 2
3. Name Definitions . . . . . . . . . . . . . . . . . . . . . . 3
4. IDNA2008 . . . . . . . . . . . . . . . . . . . . . . . . . . 4
5. Matching of Internationalized Email Addresses in X.509
Certificates . . . . . . . . . . . . . . . . . . . . . . . . 4
6. Name Constraints in Path Validation . . . . . . . . . . . . . 6
7. Security Considerations . . . . . . . . . . . . . . . . . . . 7
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
9.1. Normative References . . . . . . . . . . . . . . . . . . 8
9.2. Informative References . . . . . . . . . . . . . . . . . 9
Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 10
Appendix B. Example of SmtpUTF8Mailbox . . . . . . . . . . . . . 11
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction
[RFC5280] defines the rfc822Name subjectAltName name type for
representing email addresses as described in [RFC5321]. The syntax
of rfc822Name is restricted to a subset of US-ASCII characters and
thus can't be used to represent internationalized email addresses
[RFC6531]. This document defines a new otherName variant to
represent internationalized email addresses. In addition this
document requires all email address domains in X.509 certificates to
conform to IDNA2008 [RFC5890].
2. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
The formal syntax uses the Augmented Backus-Naur Form (ABNF)
[RFC5234] notation.
Melnikov & Chuang Standards Track [Page 2]
RFC 8398 I18N Mail Addresses in X.509 Certificates May 2018
3. Name Definitions
The GeneralName structure is defined in [RFC5280] and supports many
different name forms including otherName for extensibility. This
section specifies the SmtpUTF8Mailbox name form of otherName so that
internationalized email addresses can appear in the subjectAltName of
a certificate, the issuerAltName of a certificate, or anywhere else
that GeneralName is used.
id-on-SmtpUTF8Mailbox OBJECT IDENTIFIER ::= { id-on 9 }
SmtpUTF8Mailbox ::= UTF8String (SIZE (1..MAX))
-- SmtpUTF8Mailbox conforms to Mailbox as specified
Show full document text