On Mon, Feb 06, 2017 at 10:03:27AM -0800, Wei Chuang wrote: > > Is that right? Thus the verifier would sometimes need to convert > > from U-labels to A-labels (when the localpart is all ASCII), and > > at other times from A-labels to U-labels (when the localpart is not > > all ASCII)... > > Yes that right. Understood. As I mentioned, I think that avoiding all conversions, and checking for whatever verbatim address is found in message headers is less likely to lead to problems at the cost of some more names in the certificate (all the names that the author uses in practice, no combinatorial explosion). We'll see how this plays out in practice. It will take some time, as adoption of SMTPUTF8 is still quite low. -- Viktor.