draft-santesson-tls-ume Last Call comment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I note the IETF last call was issued for rev. 2.  That
revision no longer exists, hence I reviewed rev. 3.

This document specification of a "User Principal Name",
I believe, is inadequate.

The I-D indicates that a user_principal_name is a sequence of
0 to 65535 bytes in the form of user@domain.  However,
such a form implies the value is a character string,
but there is no mention of what character set/encoding
is used here.  I would think interoperability
requires both client and server to have a common
understand of what character set/encoding is to
be used.  Additionally, there is no discussion
of UPN matching.  Are byte sequences that differ
only due to use of different Unicode normalizations
to be consider the same or differ?  Are values
case sensitive or not?  etc..

The domain_name field suffers not only from the
above problem, but is flawed due to use of the
outdated "preferred name syntax" of RFC 1034.
This syntax doesn't allow domains such as
123.example.  The text should likely reference
the RFC 1123 which updates the "preferred name
syntax" for naming hosts.

Additionally, no mention of how International
domain names (IDNs) are to be handled.

I recommend ABNF be used to detail the syntax
of each of these fields and that the I-D detail
how values of these fields are to be compared.
Additionally, the I-D should discuss how IDNs
are to be handled.
-- Kurt


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]