Thanks for the review.

I suggest:

   Conforming CAs SHOULD ensure that IDNs are valid according to
   IDNA2008, which is defined in [RFC5892] and updated by [RFC8753].
   This can be done by verifying all code points against [IDNA-Tables].
   Failure to use valid A-labels may yield a domain name that cannot be
   correctly represented in the Domain Name System (DNS). In addition,
   the CA/Browser Forum offers some guidance regarding internal server
   names in certificates [CABF].

   [IDNA-Tables]  "IDNA Rules and Derived Property Values", 4 April 2022,
                  <https://www.iana.org/assignments/idna-tables>.

Russ

> On Jan 1, 2024, at 8:50 AM, Takahiro Nemoto via Datatracker <noreply@xxxxxxxx> wrote:
>
> Reviewer: Takahiro Nemoto
> Review result: Ready with Nits
>
> I am the assigned ART-ART reviewer for this draft.
>
> Summary:
>
> This draft to update RFC 8399 is clear on the revisions and is almost ready for
> publication without major/minor issues. However, I found one point of concern,
> which I comment on below as nits, and I hope you will consider revising them if
> necessary.
>
> Nits:
> In section "3. Security Considerations", RFC 5892 has been updated to RFC 8753
> and needs to be corrected. However, RFC8753 does not describe the algorithm to
> derive property values or the code points list like RFC5892. So, if you want to
> reflect this suggestion, it would be easier to convey the intention to the
> reader to write, "This can be done by verifying all code points
> <https://www.iana.org/assignments/idna-tables> determined by IDNA2008
> [RFC8753]." rather than "This can be done by validating all code points
> according to IDNA2008 [RFC5892].".
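
The check the proposed text describes (verifying every code point of an IDN against the derived property values), as an added example that is not part of this thread or of the draft: it decodes each A-label of a dNSName with Python's standard `punycode` codec and looks its code points up in a table. `EXCERPT` is a constructed subset in the RFC 5892 Appendix B.1 layout, and `load_table`, `prop_of` and `check_dns_name` are hypothetical names.

```python
# Added example. EXCERPT is a constructed subset of the derived property
# values in the RFC 5892 Appendix B.1 layout; production code must load the
# complete, current table from the IANA registry cited as [IDNA-Tables].
EXCERPT = """\
002D       ; PVALID      # HYPHEN-MINUS
0030..0039 ; PVALID      # DIGIT ZERO..DIGIT NINE
003A..0060 ; DISALLOWED  # COLON..GRAVE ACCENT
0061..007A ; PVALID      # LATIN SMALL LETTER A..Z
00B7       ; CONTEXTO    # MIDDLE DOT
00DF..00F6 ; PVALID      # LATIN SMALL LETTER SHARP S..O WITH DIAERESIS
00F7       ; DISALLOWED  # DIVISION SIGN
00F8..00FF ; PVALID      # LATIN SMALL LETTER O WITH STROKE..Y WITH DIAERESIS
"""

def load_table(text):
    """Parse 'XXXX[..YYYY] ; PROPERTY # comment' lines into (lo, hi, prop)."""
    rows = []
    for line in text.splitlines():
        body = line.split("#", 1)[0].strip()
        if not body:
            continue
        span, prop = (field.strip() for field in body.split(";"))
        lo, _, hi = span.partition("..")
        rows.append((int(lo, 16), int(hi or lo, 16), prop))
    return rows

def prop_of(cp, table):
    for lo, hi, prop in table:
        if lo <= cp <= hi:
            return prop
    return "NOT-IN-EXCERPT"  # fail closed: unknown is never treated as valid

def check_dns_name(name, table):
    """Return a list of problems for the A-labels in a dNSName; [] means none."""
    problems = []
    for label in name.split("."):
        if not label.lower().startswith("xn--"):
            continue  # not an A-label; ordinary LDH rules apply elsewhere
        try:
            ulabel = label[4:].encode("ascii").decode("punycode")
            canonical = ulabel.encode("punycode").decode("ascii") == label[4:].lower()
        except UnicodeError:
            problems.append((label, "not decodable as Punycode"))
            continue
        if not canonical:
            problems.append((label, "A-label does not round-trip"))
        for ch in ulabel:
            prop = prop_of(ord(ch), table)
            if prop != "PVALID":  # CONTEXTJ/CONTEXTO need the contextual rules
                problems.append((label, f"U+{ord(ch):04X} is {prop}"))
    return problems

TABLE = load_table(EXCERPT)
```

Code points with CONTEXTJ or CONTEXTO are reported rather than accepted because the table lookup alone does not evaluate their contextual rules.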