| rfc9598.original.xml | rfc9598.xml | |||
|---|---|---|---|---|
| <?xml version='1.0' encoding='utf-8'?> | <?xml version='1.0' encoding='utf-8'?> | |||
| <!DOCTYPE rfc [ | <!DOCTYPE rfc [ | |||
| <!ENTITY nbsp " "> | <!ENTITY nbsp " "> | |||
| <!ENTITY zwsp "​"> | <!ENTITY zwsp "​"> | |||
| <!ENTITY nbhy "‑"> | <!ENTITY nbhy "‑"> | |||
| <!ENTITY wj "⁠"> | <!ENTITY wj "⁠"> | |||
| ]> | ]> | |||
| <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> | ||||
| <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.5 (Ruby 3.2.2 | <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft | |||
| ) --> | -ietf-lamps-rfc8398bis-05" number="9598" category="std" consensus="true" submiss | |||
| <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft | ionType="IETF" obsoletes="8398" updates="5280" tocInclude="true" sortRefs="true" | |||
| -ietf-lamps-rfc8398bis-05" category="std" consensus="true" submissionType="IETF" | symRefs="true" version="3" xml:lang="en"> | |||
| obsoletes="8398" updates="5280" tocInclude="true" sortRefs="true" symRefs="true | ||||
| " version="3"> | ||||
| <!-- xml2rfc v2v3 conversion 3.19.2 --> | ||||
| <front> | <front> | |||
| <title abbrev="I18N Mail Addresses in X.509 Certificates">Internationalized Email Addresses in X.509 Certificates</title> | <title abbrev="I18N Mail Addresses in X.509 Certificates">Internationalized Email Addresses in X.509 Certificates</title> | |||
| <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-rfc8398bis-05"/> | <seriesInfo name="RFC" value="9598"/> | |||
| <author fullname="Alexey Melnikov"> | <author fullname="Alexey Melnikov"> | |||
| <organization>Isode Ltd</organization> | <organization>Isode Ltd</organization> | |||
| <address> | <address> | |||
| <postal> | <postal> | |||
| <street>14 Castle Mews</street> | <street>14 Castle Mews</street> | |||
| <city>Hampton</city> | <city>Hampton, Middlesex</city> | |||
| <region>Middlesex</region> | ||||
| <code>TW12 2NP</code> | <code>TW12 2NP</code> | |||
| <country>United Kingdom</country> | <country>United Kingdom</country> | |||
| </postal> | </postal> | |||
| <email>Alexey.Melnikov@isode.com</email> | <email>Alexey.Melnikov@isode.com</email> | |||
| </address> | </address> | |||
| </author> | </author> | |||
| <author fullname="Wei Chuang"> | <author fullname="Wei Chuang"> | |||
| <organization>Google, Inc.</organization> | <organization>Google, Inc.</organization> | |||
| <address> | <address> | |||
| <postal> | <postal> | |||
| skipping to change at line 51 ¶ | skipping to change at line 50 ¶ | |||
| <organization>DigiCert</organization> | <organization>DigiCert</organization> | |||
| <address> | <address> | |||
| <postal> | <postal> | |||
| <city>Pittsburgh</city> | <city>Pittsburgh</city> | |||
| <region>PA</region> | <region>PA</region> | |||
| <country>United States of America</country> | <country>United States of America</country> | |||
| </postal> | </postal> | |||
| <email>corey.bonnell@digicert.com</email> | <email>corey.bonnell@digicert.com</email> | |||
| </address> | </address> | |||
| </author> | </author> | |||
| <date year="2024" month="February" day="13"/> | <date year="2024" month="May"/> | |||
| <area>Security</area> | ||||
| <area>SEC</area> | ||||
| <workgroup>lamps</workgroup> | ||||
| <keyword>EAI</keyword> | <keyword>EAI</keyword> | |||
| <keyword>PKIX</keyword> | <keyword>PKIX</keyword> | |||
| <keyword>email address</keyword> | <keyword>email address</keyword> | |||
| <abstract> | <abstract> | |||
| <?line 75?> | ||||
| <t>This document defines a new name form for inclusion in the otherName | <t>This document defines a new name form for inclusion in the otherName | |||
| field of an X.509 Subject Alternative Name and Issuer Alternative | field of an X.509 Subject Alternative Name and Issuer Alternative | |||
| Name extension that allows a certificate subject to be associated | Name extension that allows a certificate subject to be associated | |||
| with an internationalized email address.</t> | with an internationalized email address.</t> | |||
| <t>This document updates RFC 5280 and obsoletes RFC 8398.</t> | <t>This document updates RFC 5280 and obsoletes RFC 8398.</t> | |||
| </abstract> | </abstract> | |||
| <note removeInRFC="true"> | ||||
| <name>About This Document</name> | ||||
| <t> | ||||
| The latest revision of this draft can be found at <eref target="https:// | ||||
| CBonnell.github.io/draft-lamps-rfc8398-bis/draft-bonnell-lamps-rfc8398bis.html"/ | ||||
| >. | ||||
| Status information for this document may be found at <eref target="https | ||||
| ://datatracker.ietf.org/doc/draft-ietf-lamps-rfc8398bis/"/>. | ||||
| </t> | ||||
| <t> | ||||
| Discussion of this document takes place on the | ||||
| Limited Additional Mechanisms for PKIX and SMIME (lamps) Working Group m | ||||
| ailing list (<eref target="mailto:spasm@ietf.org"/>), | ||||
| which is archived at <eref target="https://mailarchive.ietf.org/arch/bro | ||||
| wse/spasm/"/>. | ||||
| Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/spasm/" | ||||
| />. | ||||
| </t> | ||||
| <t>Source for this draft and an issue tracker can be found at | ||||
| <eref target="https://github.com/CBonnell/draft-lamps-rfc8398-bis"/>.</t | ||||
| > | ||||
| </note> | ||||
| </front> | </front> | |||
| <middle> | <middle> | |||
| <?line 84?> | ||||
| <section anchor="introduction"> | <section anchor="introduction"> | |||
| <name>Introduction</name> | <name>Introduction</name> | |||
| <t><xref target="RFC5280"/> defines the rfc822Name subjectAltName name typ e for | <t><xref target="RFC5280"/> defines the rfc822Name subjectAltName name typ e for | |||
| representing email addresses as described in <xref target="RFC5321"/>. The synt ax | representing email addresses as described in <xref target="RFC5321"/>. The synt ax | |||
| of rfc822Name is restricted to a subset of US-ASCII characters and | of rfc822Name is restricted to a subset of US-ASCII characters and | |||
| thus can't be used to represent internationalized email addresses | thus can't be used to represent internationalized email addresses | |||
| <xref target="RFC6531"/>. This document defines a new otherName variant to | <xref target="RFC6531"/>. This document defines a new otherName variant to | |||
| represent internationalized email addresses. In addition this | represent internationalized email addresses. In addition, this | |||
| document requires all email address domains in X.509 certificates to | document requires all email address domains in X.509 certificates to | |||
| conform to IDNA2008 <xref target="RFC5890"/>.</t> | conform to IDNA2008 <xref target="RFC5890"/>.</t> | |||
| <t>This document obsoletes <xref target="RFC8398"/>. The primary motivatio | <t>This document obsoletes <xref target="RFC8398"/>. The primary motivatio | |||
| n for | n of this document is to simplify the encoding of domain labels | |||
| publication of this document is to simplify the encoding of domain labels | ||||
| found in the domain part of internationalized email addresses. In | found in the domain part of internationalized email addresses. In | |||
| particular, <xref target="RFC8398"/> specifies that domain labels are conditiona lly | particular, <xref target="RFC8398"/> specifies that domain labels are conditiona lly | |||
| encoded using either A-labels or U-labels. This specification simplifies | encoded using either A-labels or U-labels. This specification simplifies | |||
| encoding and processing of domain labels by mandating that the A-label | encoding and processing of domain labels by mandating that the A-label | |||
| representation be used in all cases.</t> | representation be used in all cases.</t> | |||
| </section> | </section> | |||
| <section anchor="conventions-and-definitions"> | <section anchor="conventions-and-definitions"> | |||
| <name>Conventions and Definitions</name> | <name>Conventions Used in This Document</name> | |||
| <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14 >REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL | <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14 >REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL | |||
| NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECO MMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", | NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECO MMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", | |||
| "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be i nterpreted as | "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be i nterpreted as | |||
| described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they | described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they | |||
| appear in all capitals, as shown here.</t> | appear in all capitals, as shown here.</t> | |||
| <?line -18?> | ||||
| </section> | </section> | |||
| <section anchor="name-definitions"> | <section anchor="name-definitions"> | |||
| <name>Name Definitions</name> | <name>Name Definitions</name> | |||
| <t>The GeneralName structure is defined in <xref target="RFC5280"/> and su pports many | <t>The GeneralName structure <xref target="RFC5280"/> supports many | |||
| different name forms including otherName for extensibility. This | different name forms including otherName for extensibility. This | |||
| section specifies the SmtpUTF8Mailbox name form of otherName so that | section specifies the SmtpUTF8Mailbox name form of otherName so that | |||
| internationalized email addresses can appear in the subjectAltName of | internationalized email addresses can appear in the subjectAltName of | |||
| a certificate, the issuerAltName of a certificate, or anywhere else | a certificate, the issuerAltName of a certificate, or anywhere else | |||
| that GeneralName is used.</t> | that GeneralName is used.</t> | |||
| <artwork><![CDATA[ | <sourcecode type="ASN.1"><![CDATA[ | |||
| id-on-SmtpUTF8Mailbox OBJECT IDENTIFIER ::= { id-on 9 } | id-on-SmtpUTF8Mailbox OBJECT IDENTIFIER ::= { id-on 9 } | |||
| SmtpUTF8Mailbox ::= UTF8String (SIZE (1..MAX)) | SmtpUTF8Mailbox ::= UTF8String (SIZE (1..MAX)) | |||
| -- SmtpUTF8Mailbox conforms to Mailbox as specified | -- SmtpUTF8Mailbox conforms to Mailbox as specified | |||
| -- in Section 3.3 of RFC 6531. Additionally, all domain | -- in Section 3.3 of RFC 6531. Additionally, all domain | |||
| -- labels included in the SmtpUTF8Mailbox value are | -- labels included in the SmtpUTF8Mailbox value are | |||
| -- encoded as LDH labels. In particular, domain labels | ||||
| -- are not encoded as U-labels and instead are encoded | -- are not encoded as U-labels and instead are encoded | |||
| -- using their A-label representation. | -- using their A-label representation. | |||
| ]]></artwork> | ]]></sourcecode> | |||
| <t>When the subjectAltName (or issuerAltName) extension contains an | <t>When the subjectAltName (or issuerAltName) extension contains an | |||
| internationalized email address with a non-ASCII Local-part, the | internationalized email address with a non-ASCII Local-part, the | |||
| address <bcp14>MUST</bcp14> be stored in the SmtpUTF8Mailbox name form of otherN ame. | address <bcp14>MUST</bcp14> be stored in the SmtpUTF8Mailbox name form of otherN ame. | |||
| The format of SmtpUTF8Mailbox is a modified version of the | The format of SmtpUTF8Mailbox is a modified version of the | |||
| internationalized Mailbox that was defined in Section 3.3 of | internationalized Mailbox that was defined in | |||
| <xref target="RFC6531"/>, which was derived from Mailbox as defined in Section 4 | <xref target="RFC6531" sectionFormat="of" section="3.3"/>, which was derived fro | |||
| .1.2 | m Mailbox as defined in | |||
| of <xref target="RFC5321"/>. <xref target="RFC6531"/> defines the following ABN | <xref target="RFC5321" sectionFormat="of" section="4.1.2"/>. <xref target="RFC6 | |||
| F rules for Mailbox | 531"/> defines the following ABNF rules for Mailbox | |||
| whose parts are modified for internationalization: <tt>Local-part</tt>, | whose parts are modified for internationalization: <tt>Local-part</tt>, | |||
| <tt>Dot-string</tt>, <tt>Quoted-string</tt>, <tt>QcontentSMTP</tt>, <tt>Domain</ tt>, and <tt>Atom</tt>. | <tt>Dot-string</tt>, <tt>Quoted-string</tt>, <tt>QcontentSMTP</tt>, <tt>Domain</ tt>, and <tt>Atom</tt>. | |||
| In particular, <tt>Local-part</tt> was updated to also support | In particular, <tt>Local-part</tt> was updated to also support | |||
| UTF8-non-ascii. UTF8-non-ascii was described by Section 3.1 of | UTF8-non-ascii. UTF8-non-ascii was described by | |||
| <xref target="RFC6532"/>. Also, domain was extended to support U-labels, as defi | <xref target="RFC6532" sectionFormat="of" section="3.1"/>. Also, domain was exte | |||
| ned | nded to support U-labels, as defined | |||
| in <xref target="RFC5890"/>.</t> | in <xref target="RFC5890"/>.</t> | |||
| <t>This document further refines internationalized Mailbox ABNF rules as | <t>This document further refines internationalized Mailbox ABNF rules as | |||
| described in <xref target="RFC6531"/> and calls this SmtpUTF8Mailbox. In | described in <xref target="RFC6531"/> and calls this SmtpUTF8Mailbox. In | |||
| SmtpUTF8Mailbox, labels that include non-ASCII characters <bcp14>MUST</bcp14> be | SmtpUTF8Mailbox, labels that include non-ASCII characters <bcp14>MUST</bcp14> be | |||
| stored in A-label (rather than U-label) form <xref target="RFC5890"/>. This | stored in A-label (rather than U-label) form <xref target="RFC5890"/>. This | |||
| restriction reduces complexity for implementations of the certification | restriction reduces complexity for implementations of the certification | |||
| path validation algorithm defined in Section 6 of <xref target="RFC5280"/>. In | path validation algorithm defined in <xref target="RFC5280" sectionFormat="of" s ection="6"/>. In | |||
| SmtpUTF8Mailbox, domain labels that solely use ASCII characters (meaning | SmtpUTF8Mailbox, domain labels that solely use ASCII characters (meaning | |||
| neither A- nor U-labels) <bcp14>SHALL</bcp14> use NR-LDH restrictions as specifi ed by | neither A- nor U-labels) <bcp14>SHALL</bcp14> use NR-LDH restrictions as specifi ed by | |||
| Section 2.3.1 of <xref target="RFC5890"/>. NR-LDH stands for "Non-Reserved Lett ers | <xref target="RFC5890" sectionFormat="of" section="2.3.1"/>. NR-LDH stands for "Non-Reserved Letters | |||
| Digits Hyphen" and is the set of LDH labels that do not have "--" | Digits Hyphen" and is the set of LDH labels that do not have "--" | |||
| characters in the third and forth character position, which excludes | characters in the third and forth character positions, which excludes | |||
| "tagged domain names" such as A-labels. To facilitate octet-for-octet | "tagged domain names" such as A-labels. To facilitate octet-for-octet | |||
| comparisons of SmtpUTF8Mailbox values, all NR-LDH and A-label labels | comparisons of SmtpUTF8Mailbox values, all NR-LDH and A-label labels | |||
| which constitute the domain part <bcp14>SHALL</bcp14> only be encoded with lower case | that constitute the domain part <bcp14>SHALL</bcp14> only be encoded with lowerc ase | |||
| letters. Consistent with the treatment of rfc822Name in <xref target="RFC5280"/> , | letters. Consistent with the treatment of rfc822Name in <xref target="RFC5280"/> , | |||
| SmtpUTF8Mailbox is an envelope <tt>Mailbox</tt> and has no phrase (such as a | SmtpUTF8Mailbox is an envelope <tt>Mailbox</tt> and has no phrase (such as a | |||
| common name) before it, has no comment (text surrounded in parentheses) | common name) before it, has no comment (text surrounded in parentheses) | |||
| after it, and is not surrounded by "<" and ">" characters.</t> | after it, and is not surrounded by "<" and ">" characters.</t> | |||
| <t>Due to name constraint compatibility reasons described in <xref target= "name-constraints"/>, | <t>Due to name constraint compatibility reasons described in <xref target= "name-constraints"/>, | |||
| SmtpUTF8Mailbox subjectAltName <bcp14>MUST NOT</bcp14> be used unless the Local- part | SmtpUTF8Mailbox subjectAltName <bcp14>MUST NOT</bcp14> be used unless the Local- part | |||
| of the email address contains non-ASCII characters. When the | of the email address contains non-ASCII characters. When the | |||
| Local-part is ASCII, rfc822Name subjectAltName <bcp14>MUST</bcp14> be used inste ad of | Local-part is ASCII, rfc822Name subjectAltName <bcp14>MUST</bcp14> be used inste ad of | |||
| SmtpUTF8Mailbox. This is compatible with legacy software that | SmtpUTF8Mailbox. This is compatible with legacy software that | |||
| supports only rfc822Name (and not SmtpUTF8Mailbox). The appropriate | supports only rfc822Name (and not SmtpUTF8Mailbox). The appropriate | |||
| usage of rfc822Name and SmtpUTF8Mailbox is summarized in Table 1 | usage of rfc822Name and SmtpUTF8Mailbox is summarized in Table 1 | |||
| below.</t> | below.</t> | |||
| <t>SmtpUTF8Mailbox is encoded as UTF8String. The UTF8String encoding | <t>SmtpUTF8Mailbox is encoded as UTF8String. The UTF8String encoding | |||
| <bcp14>MUST NOT</bcp14> contain a Byte-Order-Mark (BOM) <xref target="RFC3629"/> to aid consistency | <bcp14>MUST NOT</bcp14> contain a Byte Order Mark (BOM) <xref target="RFC3629"/> to aid consistency | |||
| across implementations, particularly for comparison.</t> | across implementations, particularly for comparison.</t> | |||
| <table anchor="santypes"> | <table anchor="santypes"> | |||
| <name>Email Address Formatting</name> | <name>Email Address Formatting</name> | |||
| <thead> | <thead> | |||
| <tr> | <tr> | |||
| <th align="left">Local-part char</th> | <th align="left">Local-part char</th> | |||
| <th align="left">subjectAltName</th> | <th align="left">subjectAltName</th> | |||
| </tr> | </tr> | |||
| </thead> | </thead> | |||
| <tbody> | <tbody> | |||
| skipping to change at line 209 ¶ | skipping to change at line 192 ¶ | |||
| non-conforming email address domains introduces the possibility of | non-conforming email address domains introduces the possibility of | |||
| conversion errors between alternate forms. This applies to | conversion errors between alternate forms. This applies to | |||
| SmtpUTF8Mailbox and rfc822Name in subjectAltName, issuerAltName, and | SmtpUTF8Mailbox and rfc822Name in subjectAltName, issuerAltName, and | |||
| anywhere else that these are used.</t> | anywhere else that these are used.</t> | |||
| </section> | </section> | |||
| <section anchor="name-matching"> | <section anchor="name-matching"> | |||
| <name>Matching of Internationalized Email Addresses in X.509 Certificates< /name> | <name>Matching of Internationalized Email Addresses in X.509 Certificates< /name> | |||
| <t>Equivalence comparisons with SmtpUTF8Mailbox consist of | <t>Equivalence comparisons with SmtpUTF8Mailbox consist of | |||
| a domain part step and a Local-part step. The comparison form for | a domain part step and a Local-part step. The comparison form for | |||
| Local-parts is always UTF-8. The comparison form for domain parts | Local-parts is always UTF-8. The comparison form for domain parts | |||
| is always performed with the LDH-label (<xref target="RFC5890"/>) encoding of th | is always performed with the LDH label (<xref target="RFC5890"/>) encoding of th | |||
| e | e | |||
| relevant domain labels. The comparison of LDH-labels in domain parts | relevant domain labels. The comparison of LDH labels in domain parts | |||
| reduces complexity for implementations of the certification path | reduces complexity for implementations of the certification path | |||
| validation algorithm as defined in Section 6 of <xref target="RFC5280"/> by obvi ating | validation algorithm as defined in <xref target="RFC5280" sectionFormat="of" sec tion="6"/> by obviating | |||
| the need to convert domain labels to their Unicode representation.</t> | the need to convert domain labels to their Unicode representation.</t> | |||
| <t>Comparison of two SmtpUTF8Mailboxes is straightforward with no setup | <t>Comparison of two SmtpUTF8Mailboxes is straightforward with no setup | |||
| work needed. They are considered equivalent if there is an exact | work needed. They are considered equivalent if there is an exact | |||
| octet-for-octet match.</t> | octet-for-octet match.</t> | |||
| <t>Comparison of a SmtpUTF8Mailbox and rfc822Name will always fail. | <t>Comparison of an SmtpUTF8Mailbox and rfc822Name will always fail. | |||
| SmtpUTF8Mailbox values <bcp14>SHALL</bcp14> contain a Local-part which includes | SmtpUTF8Mailbox values <bcp14>SHALL</bcp14> contain a Local-part that includes | |||
| one or more non-ASCII characters, while rfc822Names only | one or more non-ASCII characters, while rfc822Names only | |||
| include ASCII characters (including the Local-part). Thus, a | includes ASCII characters (including the Local-part). Thus, an | |||
| SmtpUTF8Mailbox and rfc822Name will never match.</t> | SmtpUTF8Mailbox and rfc822Name will never match.</t> | |||
| <t>Comparison of SmtpUTF8Mailbox values with internationalized email | <t>Comparison of SmtpUTF8Mailbox values with internationalized email | |||
| addresses from other sources (such as received email messages, user | addresses from other sources (such as received email messages, user | |||
| input, etc.) requires additional setup steps for domain part and | input, etc.) requires additional setup steps for domain part and | |||
| Local-part. The initial preparation for the email address to compare | Local-part. The initial preparation for the email address to compare | |||
| with the SmtpUTF8Mailbox value is to remove any phrases, comments, and | with the SmtpUTF8Mailbox value is to remove any phrases, comments, and | |||
| "<" or ">" characters.</t> | "<" or ">" characters.</t> | |||
| <t>For the setup of the domain part, the following conversions <bcp14>SHAL L</bcp14> be | <t>For the setup of the domain part, the following conversions <bcp14>SHAL L</bcp14> be | |||
| performed:</t> | performed:</t> | |||
| <ol spacing="normal" type="1"><li> | <ol spacing="normal" type="1"><li> | |||
| <t>Convert all labels which constitute the domain part that include | <t>Convert all labels that constitute the domain part that include | |||
| non-ASCII characters to A-labels if not already in that form. </t> | non-ASCII characters to A-labels, if not already in that form. </t> | |||
| <t> | <ol spacing="normal" type="a"> | |||
| a. Detect all U-labels present within the domain part using | <li> <t> | |||
| Section 5.1 of <xref target="RFC5891"/>. </t> | Detect all U-labels present within the domain part using | |||
| <xref target="RFC5891" sectionFormat="of" section="5.1"/>. </t> | ||||
| </li> | ||||
| <li> | ||||
| <t> | <t> | |||
| b. Transform all detected U-labels (Unicode) to A-labels (ASCII) | Transform all detected U-labels (Unicode) to A-labels (ASCII) | |||
| as specified in Section 5.5 of <xref target="RFC5891"/>.</t> | as specified in <xref target="RFC5891" sectionFormat="of" section="5.5"/>.</t | |||
| > | ||||
| </li></ol> | ||||
| </li> | </li> | |||
| <li> | <li> | |||
| <t>Convert all uppercase letters found within the NR-LDH and A-label | <t>Convert all uppercase letters found within the NR-LDH and A-label | |||
| labels which constitute the domain part to lowercase letters.</t> | labels that constitute the domain part to lowercase letters.</t> | |||
| </li> | </li> | |||
| </ol> | </ol> | |||
| <t>For the setup of the Local-part, the Local-part <bcp14>MUST</bcp14> be verified to | <t>For the setup of the Local-part, the Local-part <bcp14>MUST</bcp14> be verified to | |||
| conform to the requirements of <xref target="RFC6530"/> and <xref target="RFC653 1"/>, including | conform to the requirements of <xref target="RFC6530"/> and <xref target="RFC653 1"/>, including | |||
| being a string in UTF-8 form. In particular, the Local- | being a string in UTF-8 form. In particular, the Local- | |||
| part <bcp14>MUST NOT</bcp14> be transformed in any way, such as by doing case | part <bcp14>MUST NOT</bcp14> be transformed in any way, such as by doing case | |||
| folding or normalization of any kind. The <tt>Local-part</tt> part of an | folding or normalization of any kind. The <tt>Local-part</tt> of an | |||
| internationalized email address is already in UTF-8. Once setup is | internationalized email address is already in UTF-8. Once setup is | |||
| complete, they are again compared octet-for-octet.</t> | complete, they are again compared octet for octet.</t> | |||
| <t>To summarize non-normatively, the comparison steps, including setup, | <t>To summarize non-normatively, the comparison steps, including setup, | |||
| are:</t> | are:</t> | |||
| <ol spacing="normal" type="1"><li> | <ol spacing="normal" type="1"><li> | |||
| <t>If the domain contains U-labels, transform them to A-labels.</t> | <t>If the domain contains U-labels, transform them to A-labels.</t> | |||
| </li> | </li> | |||
| <li> | <li> | |||
| <t>If any NR-LDH or A-label domain label in the domain part | <t>If any NR-LDH or A-label domain label in the domain part | |||
| contains uppercase letters, lowercase them.</t> | contains uppercase letters, lowercase them.</t> | |||
| </li> | </li> | |||
| <li> | <li> | |||
| <t>Compare strings octet-for-octet for equivalence.</t> | <t>Compare strings octet for octet for equivalence.</t> | |||
| </li> | </li> | |||
| </ol> | </ol> | |||
| <t>This specification expressly does not define any wildcard characters, | <t>This specification expressly does not define any wildcard characters, | |||
| and SmtpUTF8Mailbox comparison implementations <bcp14>MUST NOT</bcp14> interpret any | and SmtpUTF8Mailbox comparison implementations <bcp14>MUST NOT</bcp14> interpret any | |||
| characters as wildcards. Instead, to specify multiple email | characters as wildcards. Instead, to specify multiple email | |||
| addresses through SmtpUTF8Mailbox, the certificate <bcp14>MUST</bcp14> use multi ple | addresses through SmtpUTF8Mailbox, the certificate <bcp14>MUST</bcp14> use multi ple | |||
| subjectAltNames or issuerAltNames to explicitly carry any additional | subjectAltNames or issuerAltNames to explicitly carry any additional | |||
| email addresses.</t> | email addresses.</t> | |||
| </section> | </section> | |||
| <section anchor="name-constraints"> | <section anchor="name-constraints"> | |||
| <name>Name Constraints in Path Validation</name> | <name>Name Constraints in Path Validation</name> | |||
| <t>This section updates Section 4.2.1.10 of <xref target="RFC5280"/> to ex tend | <t>This section updates <xref target="RFC5280" sectionFormat="of" section= "4.2.1.10"/> to extend | |||
| rfc822Name name constraints to SmtpUTF8Mailbox subjectAltNames. | rfc822Name name constraints to SmtpUTF8Mailbox subjectAltNames. | |||
| SmtpUTF8Mailbox-aware path validators will apply name constraint | SmtpUTF8Mailbox-aware path validators will apply name constraint | |||
| comparison to the subject distinguished name and both forms of | comparison to the subject distinguished name and both forms of | |||
| subject alternative names rfc822Name and SmtpUTF8Mailbox.</t> | subject alternative names, rfc822Name and SmtpUTF8Mailbox.</t> | |||
| <t>Both rfc822Name and SmtpUTF8Mailbox subject alternative names | <t>Both rfc822Name and SmtpUTF8Mailbox subject alternative names | |||
| represent the same underlying email address namespace. Since legacy | represent the same underlying email address namespace. Since legacy | |||
| CAs constrained to issue certificates for a specific set of domains | Certification Authorities (CAs) constrained to issue certificates for a specific | |||
| would lack corresponding UTF-8 constraints, <xref target="RFC8399BIS"/> updates, | set of domains | |||
| would lack corresponding UTF-8 constraints, <xref target="RFC9549"/> updates, | ||||
| modifies, and extends rfc822Name name constraints defined in | modifies, and extends rfc822Name name constraints defined in | |||
| <xref target="RFC5280"/> to cover SmtpUTF8Mailbox subject alternative names. Th is | <xref target="RFC5280"/> to cover SmtpUTF8Mailbox subject alternative names. Th is | |||
| ensures that the introduction of SmtpUTF8Mailbox does not violate | ensures that the introduction of SmtpUTF8Mailbox does not violate | |||
| existing name constraints. Since it is not valid to include | existing name constraints. Since it is not valid to include | |||
| non-ASCII UTF-8 characters in the Local-part of rfc822Name name | non-ASCII UTF-8 characters in the Local-part of rfc822Name name | |||
| constraints, and since name constraints that include a Local-part are | constraints, and since name constraints that include a Local-part are | |||
| rarely, if at all, used in practice, name constraints updated in | rarely, if at all, used in practice, name constraints updated in | |||
| <xref target="RFC8399BIS"/> allow the forms that represent all addresses at a ho st or | <xref target="RFC9549"/> allow the forms that represent all addresses at a host, or | |||
| all mailboxes in a domain and deprecates rfc822Name name constraints | all mailboxes in a domain and deprecates rfc822Name name constraints | |||
| that represent a particular mailbox. That is, rfc822Name constraints | that represent a particular mailbox. That is, rfc822Name constraints | |||
| with a Local-part <bcp14>SHOULD NOT</bcp14> be used.</t> | with a Local-part <bcp14>SHOULD NOT</bcp14> be used.</t> | |||
| <t>Constraint comparison with SmtpUTF8Mailbox subjectAltName starts with | <t>Constraint comparison with SmtpUTF8Mailbox subjectAltName starts with | |||
| the setup steps defined by <xref target="name-matching"/>. Setup converts the i nputs of | the setup steps defined in <xref target="name-matching"/>. Setup converts the i nputs of | |||
| the comparison (which is one of a subject distinguished name, an | the comparison (which is one of a subject distinguished name, an | |||
| rfc822Name, or an SmtpUTF8Mailbox subjectAltName, and one of an | rfc822Name, or an SmtpUTF8Mailbox subjectAltName, and one of an | |||
| rfc822Name name constraint) to constraint comparison form. For both the | rfc822Name name constraint) to constraint comparison form. For both the | |||
| name constraint and the subject, this will convert all A-labels and | name constraint and the subject, this will convert all A-labels and | |||
| NR-LDH labels to lowercase. Strip the Local-part and "@" | NR-LDH labels to lowercase. Strip the Local-part and "@" | |||
| separator from each rfc822Name and SmtpUTF8Mailbox, leaving just the | separator from each rfc822Name and SmtpUTF8Mailbox, which leaves just the | |||
| domain part. After setup, this follows the comparison steps defined | domain part. After setup, follow the comparison steps defined | |||
| in Section 4.2.1.10 of <xref target="RFC5280"/> as follows. If the resulting na | in <xref target="RFC5280" sectionFormat="of" section="4.2.1.10"/> as follows. I | |||
| me | f the resulting name | |||
| constraint domain starts with a "." character, then for the name | constraint domain starts with a "." character, then for the name | |||
| constraint to match, a suffix of the resulting subject alternative | constraint to match, a suffix of the resulting subject alternative | |||
| name domain <bcp14>MUST</bcp14> match the name constraint (including the leading | name domain <bcp14>MUST</bcp14> match the name constraint (including the leading | |||
| ".") octet-for-octet. If the resulting name constraint domain does | ".") octet for octet. If the resulting name constraint domain does | |||
| not start with a "." character, then for the name constraint to | not start with a "." character, then for the name constraint to | |||
| match, the entire resulting subject alternative name domain <bcp14>MUST</bcp14> | match, the entire resulting subject alternative name domain <bcp14>MUST</bcp14> | |||
| match the name constraint octet-for-octet.</t> | match the name constraint octet for octet.</t> | |||
| <t>Certificate Authorities that wish to issue CA certificates with email | <t>Certificate Authorities that wish to issue CA certificates with email | |||
| address name constraints <bcp14>MUST</bcp14> use rfc822Name subject alternative | address name constraints <bcp14>MUST</bcp14> use rfc822Name subject alternative | |||
| names only. These <bcp14>MUST</bcp14> be IDNA2008-conformant names with no mapp ings | names only. These <bcp14>MUST</bcp14> be IDNA2008-conformant names with no mapp ings | |||
| and with non-ASCII domains encoded in A-labels only.</t> | and with non-ASCII domains encoded in A-labels only.</t> | |||
| <t>The name constraint requirement with SmtpUTF8Mailbox subject | <t>The name constraint requirement with an SmtpUTF8Mailbox subject | |||
| alternative name is illustrated in the non-normative diagram in | alternative name is illustrated in the non-normative diagram in | |||
| <xref target="nctypes"/>. The first example (1) illustrates a permitted rfc822N ame | <xref target="nctypes"/>. The first example (1) illustrates a permitted rfc822N ame | |||
| ASCII-only host name name constraint and the corresponding valid | ASCII-only host name name constraint and the corresponding valid | |||
| rfc822Name subjectAltName and SmtpUTF8Mailbox subjectAltName email | rfc822Name subjectAltName and SmtpUTF8Mailbox subjectAltName email | |||
| addresses. The second example (2) illustrates a permitted rfc822Name | addresses. The second example (2) illustrates a permitted rfc822Name | |||
| host name name constraint with A-label, and the corresponding valid | host name name constraint with an A-label, and the corresponding valid | |||
| rfc822Name subjectAltName and SmtpUTF8Mailbox subjectAltName email | rfc822Name subjectAltName and SmtpUTF8Mailbox subjectAltName email | |||
| addresses. Note that an email address with ASCII-only Local-part is | addresses. Note that an email address with an ASCII-only Local-part is | |||
| encoded as rfc822Name despite also having Unicode present in the | encoded as rfc822Name despite also having Unicode present in the | |||
| domain.</t> | domain.</t> | |||
| <figure anchor="nctypes"> | <figure anchor="nctypes"> | |||
| <name>Name Constraints with SmtpUTF8Name and rfc822Name</name> | <name>Name Constraints with SmtpUTF8Name and rfc822Name</name> | |||
| <artwork><![CDATA[ | <artwork><![CDATA[ | |||
| +-------------------------------------------------------------------+ | +-------------------------------------------------------------------+ | |||
| | Root CA Cert | | | Root CA Cert | | |||
| +-------------------------------------------------------------------+ | +-------------------------------------------------------------------+ | |||
| | | | | |||
| v | v | |||
| skipping to change at line 347 ¶ | skipping to change at line 334 ¶ | |||
| | rfc822Name: elementary.school.example.com (1) | | | rfc822Name: elementary.school.example.com (1) | | |||
| | | | | | | |||
| | rfc822Name: xn--pss25c.example.com (2) | | | rfc822Name: xn--pss25c.example.com (2) | | |||
| | | | | | | |||
| +-------------------------------------------------------------------+ | +-------------------------------------------------------------------+ | |||
| | | | | |||
| v | v | |||
| +-------------------------------------------------------------------+ | +-------------------------------------------------------------------+ | |||
| | Entity Cert (w/explicitly permitted subjects) | | | Entity Cert (w/explicitly permitted subjects) | | |||
| | SubjectAltName Extension | | | SubjectAltName Extension | | |||
| | rfc822Name: student@elementary.school.example.com (1) | | | rfc822Name: student@elementary.school.example.com (1) | | |||
| | SmtpUTF8Mailbox: u+5B66u+751F@elementary.school.example.com | | | SmtpUTF8Mailbox: u+5B66u+751F@elementary.school.example.com | | |||
| | (1) | | | (1) | | |||
| | | | | | | |||
| | rfc822Name: student@xn--pss25c.example.com (2) | | | rfc822Name: student@xn--pss25c.example.com (2) | | |||
| | SmtpUTF8Mailbox: u+533Bu+751F@xn--pss25c.example.com (2) | | | SmtpUTF8Mailbox: u+533Bu+751F@xn--pss25c.example.com (2) | | |||
| | | | | | | |||
| +-------------------------------------------------------------------+ | +-------------------------------------------------------------------+ | |||
| ]]></artwork> | ]]></artwork> | |||
| </figure> | </figure> | |||
| </section> | </section> | |||
| <section anchor="security-considerations"> | <section anchor="security-considerations"> | |||
| <name>Security Considerations</name> | <name>Security Considerations</name> | |||
| <t>Use of SmtpUTF8Mailbox for certificate subjectAltName (and | <t>Use of SmtpUTF8Mailbox for certificate subjectAltName (and | |||
| issuerAltName) will incur many of the same security considerations as | issuerAltName) will incur many of the same security considerations | |||
| in Section 8 in <xref target="RFC5280"/>, but it introduces a new issue by | described in <xref target="RFC5280" sectionFormat="of" section="8"/>, but it int | |||
| roduces a new issue by | ||||
| permitting non-ASCII characters in the email address Local-part. | permitting non-ASCII characters in the email address Local-part. | |||
| This issue, as mentioned in Section 4.4 of <xref target="RFC5890"/> and in Secti | This issue, as mentioned in <xref target="RFC5890" sectionFormat="of" section="4 | |||
| on 4 | .4"/> and in <xref target="RFC6532" sectionFormat="of" section="4"/>, is that us | |||
| of <xref target="RFC6532"/>, is that use of Unicode introduces the risk of visua | e of Unicode introduces the risk of visually | |||
| lly | ||||
| similar and identical characters that can be exploited to deceive the | similar and identical characters that can be exploited to deceive the | |||
| recipient. The former document references some means to mitigate | recipient. The former document references some means to mitigate | |||
| against these attacks. See <xref target="WEBER"/> for more background on securi ty | against these attacks. See <xref target="WEBER"/> for more background on securi ty | |||
| issues with Unicode.</t> | issues with Unicode.</t> | |||
| <t>Additionally, it is possible to encode a string of Unicode | <t>Additionally, it is possible to encode a string of Unicode | |||
| user-perceived characters in multiple ways. While various Unicode | user-perceived characters in multiple ways. While various Unicode | |||
| normalization forms exist, <xref target="RFC6531"/> does not mandate the use of any | normalization forms exist, <xref target="RFC6531"/> does not mandate the use of any | |||
| such forms for the encoding of the Local-part. Thus, it may be possible | such forms for the encoding of the Local-part. Thus, it may be possible | |||
| to encode a Local-part value in multiple ways. To mitigate against | to encode a Local-part value in multiple ways. To mitigate against | |||
| attacks where different encodings are used by the mail system and the | attacks where different encodings are used by the mail system and the | |||
| Certification Authority issuing certificates containing | Certification Authority issues certificates containing | |||
| <tt>SmtpUTF8Mailbox</tt> values, this specification requires an octet-for-octet | <tt>SmtpUTF8Mailbox</tt> values, this specification requires an octet-for-octet | |||
| comparison of the Local-part. However, requiring the use of binary | comparison of the Local-part. However, requiring the use of binary | |||
| comparison may raise interoperability concerns where the mail system | comparison may raise interoperability concerns where the mail system | |||
| employs one encoding and the Certification Authority employs another.</t> | employs one encoding and the Certification Authority employs another.</t> | |||
| </section> | </section> | |||
| <section anchor="differences-from-rfc-8398"> | <section anchor="differences-from-rfc-8398"> | |||
| <name>Differences from RFC 8398</name> | <name>Differences from RFC 8398</name> | |||
| <t>This document obsoletes <xref target="RFC8398"/>. There are three major changes | <t>This document obsoletes <xref target="RFC8398"/>. There are three major changes | |||
| defined in this specification which deviate from <xref target="RFC8398"/>:</t> | defined in this specification:</t> | |||
| <ol spacing="normal" type="1"><li> | <ol spacing="normal" type="1"><li> | |||
| <t>In all cases, domain labels in mail addresses <bcp14>SHALL</bcp14> be encoded as | <t>In all cases, domain labels in mail addresses <bcp14>SHALL</bcp14> be encoded as | |||
| LDH-labels. In particular, domain names <bcp14>SHALL NOT</bcp14> be encoded usin | LDH labels. In particular, domain names <bcp14>SHALL NOT</bcp14> be encoded usin | |||
| g | g | |||
| U-Labels and instead use A-Labels.</t> | U-Labels; instead, use A-Labels.</t> | |||
| </li> | </li> | |||
| <li> | <li> | |||
| <t>To accommodate the first change listed above, the mail address | <t>To accommodate the first change listed above, the mail address | |||
| matching algorithm defined in Section 5 of <xref target="RFC8398"/> has been mod ified | matching algorithm defined in <xref target="RFC8398" sectionFormat="of" section= "5"/> has been modified | |||
| to only accept domain labels that are encoded using their A-label | to only accept domain labels that are encoded using their A-label | |||
| representation.</t> | representation.</t> | |||
| </li> | </li> | |||
| <li> | <li> | |||
| <t>Additionally, the name constraints processing algorithm defined in | <t>Additionally, the procedure to process rfc822Name name constraints | |||
| Section 6 of <xref target="RFC8398"/> has been modified to only accept domain la | as defined | |||
| bels | in | |||
| <xref target="RFC8398" sectionFormat="of" section="6"/> has been modified to onl | ||||
| y accept domain labels | ||||
| that are encoded using their A-label representation.</t> | that are encoded using their A-label representation.</t> | |||
| </li> | </li> | |||
| </ol> | </ol> | |||
| </section> | </section> | |||
| <section anchor="iana-considerations"> | <section anchor="iana-considerations"> | |||
| <name>IANA Considerations</name> | <name>IANA Considerations</name> | |||
| <t>Update the document reference for the id-mod-lamps-eai-addresses-2016 | <t>IANA has updated the reference for the id-mod-lamps-eai-addresses-2016 | |||
| module in the "SMI Security for PKIX Module Identifier" | module in the "SMI Security for PKIX Module Identifier" | |||
| (1.3.6.1.5.5.7.0) registry from RFC 8398 to this document.</t> | (1.3.6.1.5.5.7.0) registry to refer to this document instead of <xref target="RF | |||
| <t>Update the document reference for the SmtpUTF8Mailbox otherName in the | C8398"/>.</t> | |||
| "SMI Security for PKIX Other Name Forms" (1.3.6.1.5.5.7.8) registry | <t>IANA has updated the reference for the SmtpUTF8Mailbox otherName in the | |||
| from RFC 8398 to this document.</t> | "SMI Security for PKIX Other Name Forms" (1.3.6.1.5.5.7.8) registry to refer to | |||
| this document instead of <xref target="RFC8398"/>.</t> | ||||
| </section> | </section> | |||
| </middle> | </middle> | |||
| <back> | <back> | |||
| <references> | <references> | |||
| <name>References</name> | <name>References</name> | |||
| <references anchor="sec-normative-references"> | <references anchor="sec-normative-references"> | |||
| <name>Normative References</name> | <name>Normative References</name> | |||
| <reference anchor="RFC8399BIS" target="https://datatracker.ietf.org/doc/ | ||||
| draft-housley-lamps-rfc8399bis/"> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.95 | |||
| <front> | 49.xml"/> | |||
| <title>Internationalization Updates to RFC 5280</title> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.52 | |||
| <author initials="R." surname="Housley" fullname="Russ Housley"> | 80.xml"/> | |||
| <organization>Vigil Security, LLC</organization> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.53 | |||
| </author> | 21.xml"/> | |||
| <date>n.d.</date> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.65 | |||
| </front> | 31.xml"/> | |||
| </reference> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.58 | |||
| <reference anchor="RFC5280"> | 90.xml"/> | |||
| <front> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.21 | |||
| <title>Internet X.509 Public Key Infrastructure Certificate and Cert | 19.xml"/> | |||
| ificate Revocation List (CRL) Profile</title> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.81 | |||
| <author fullname="D. Cooper" initials="D." surname="Cooper"/> | 74.xml"/> | |||
| <author fullname="S. Santesson" initials="S." surname="Santesson"/> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.65 | |||
| <author fullname="S. Farrell" initials="S." surname="Farrell"/> | 32.xml"/> | |||
| <author fullname="S. Boeyen" initials="S." surname="Boeyen"/> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.36 | |||
| <author fullname="R. Housley" initials="R." surname="Housley"/> | 29.xml"/> | |||
| <author fullname="W. Polk" initials="W." surname="Polk"/> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.58 | |||
| <date month="May" year="2008"/> | 91.xml"/> | |||
| <abstract> | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.65 | |||
| <t>This memo profiles the X.509 v3 certificate and X.509 v2 certif | 30.xml"/> | |||
| icate revocation list (CRL) for use in the Internet. An overview of this approac | <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.83 | |||
| h and model is provided as an introduction. The X.509 v3 certificate format is d | 98.xml"/> | |||
| escribed in detail, with additional information regarding the format and semanti | ||||
| cs of Internet name forms. Standard certificate extensions are described and two | ||||
| Internet-specific extensions are defined. A set of required certificate extensi | ||||
| ons is specified. The X.509 v2 CRL format is described in detail along with stan | ||||
| dard and Internet-specific extensions. An algorithm for X.509 certification path | ||||
| validation is described. An ASN.1 module and examples are provided in the appen | ||||
| dices. [STANDARDS-TRACK]</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="5280"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC5280"/> | ||||
| </reference> | ||||
| <reference anchor="RFC5321"> | ||||
| <front> | ||||
| <title>Simple Mail Transfer Protocol</title> | ||||
| <author fullname="J. Klensin" initials="J." surname="Klensin"/> | ||||
| <date month="October" year="2008"/> | ||||
| <abstract> | ||||
| <t>This document is a specification of the basic protocol for Inte | ||||
| rnet electronic mail transport. It consolidates, updates, and clarifies several | ||||
| previous documents, making all or parts of most of them obsolete. It covers the | ||||
| SMTP extension mechanisms and best practices for the contemporary Internet, but | ||||
| does not provide details about particular extensions. Although SMTP was designed | ||||
| as a mail transport and delivery protocol, this specification also contains inf | ||||
| ormation that is important to its use as a "mail submission" protocol for "split | ||||
| -UA" (User Agent) mail reading systems and mobile environments. [STANDARDS-TRACK | ||||
| ]</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="5321"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC5321"/> | ||||
| </reference> | ||||
| <reference anchor="RFC6531"> | ||||
| <front> | ||||
| <title>SMTP Extension for Internationalized Email</title> | ||||
| <author fullname="J. Yao" initials="J." surname="Yao"/> | ||||
| <author fullname="W. Mao" initials="W." surname="Mao"/> | ||||
| <date month="February" year="2012"/> | ||||
| <abstract> | ||||
| <t>This document specifies an SMTP extension for transport and del | ||||
| ivery of email messages with internationalized email addresses or header informa | ||||
| tion. [STANDARDS-TRACK]</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="6531"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC6531"/> | ||||
| </reference> | ||||
| <reference anchor="RFC5890"> | ||||
| <front> | ||||
| <title>Internationalized Domain Names for Applications (IDNA): Defin | ||||
| itions and Document Framework</title> | ||||
| <author fullname="J. Klensin" initials="J." surname="Klensin"/> | ||||
| <date month="August" year="2010"/> | ||||
| <abstract> | ||||
| <t>This document is one of a collection that, together, describe t | ||||
| he protocol and usage context for a revision of Internationalized Domain Names f | ||||
| or Applications (IDNA), superseding the earlier version. It describes the docume | ||||
| nt collection and provides definitions and other material that are common to the | ||||
| set. [STANDARDS-TRACK]</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="5890"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC5890"/> | ||||
| </reference> | ||||
| <reference anchor="RFC2119"> | ||||
| <front> | ||||
| <title>Key words for use in RFCs to Indicate Requirement Levels</tit | ||||
| le> | ||||
| <author fullname="S. Bradner" initials="S." surname="Bradner"/> | ||||
| <date month="March" year="1997"/> | ||||
| <abstract> | ||||
| <t>In many standards track documents several words are used to sig | ||||
| nify the requirements in the specification. These words are often capitalized. T | ||||
| his document defines these words as they should be interpreted in IETF documents | ||||
| . This document specifies an Internet Best Current Practices for the Internet Co | ||||
| mmunity, and requests discussion and suggestions for improvements.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="BCP" value="14"/> | ||||
| <seriesInfo name="RFC" value="2119"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC2119"/> | ||||
| </reference> | ||||
| <reference anchor="RFC8174"> | ||||
| <front> | ||||
| <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</ti | ||||
| tle> | ||||
| <author fullname="B. Leiba" initials="B." surname="Leiba"/> | ||||
| <date month="May" year="2017"/> | ||||
| <abstract> | ||||
| <t>RFC 2119 specifies common key words that may be used in protoco | ||||
| l specifications. This document aims to reduce the ambiguity by clarifying that | ||||
| only UPPERCASE usage of the key words have the defined special meanings.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="BCP" value="14"/> | ||||
| <seriesInfo name="RFC" value="8174"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC8174"/> | ||||
| </reference> | ||||
| <reference anchor="RFC6532"> | ||||
| <front> | ||||
| <title>Internationalized Email Headers</title> | ||||
| <author fullname="A. Yang" initials="A." surname="Yang"/> | ||||
| <author fullname="S. Steele" initials="S." surname="Steele"/> | ||||
| <author fullname="N. Freed" initials="N." surname="Freed"/> | ||||
| <date month="February" year="2012"/> | ||||
| <abstract> | ||||
| <t>Internet mail was originally limited to 7-bit ASCII. MIME added | ||||
| support for the use of 8-bit character sets in body parts, and also defined an | ||||
| encoded-word construct so other character sets could be used in certain header f | ||||
| ield values. However, full internationalization of electronic mail requires addi | ||||
| tional enhancements to allow the use of Unicode, including characters outside th | ||||
| e ASCII repertoire, in mail addresses as well as direct use of Unicode in header | ||||
| fields like "From:", "To:", and "Subject:", without requiring the use of comple | ||||
| x encoded-word constructs. This document specifies an enhancement to the Interne | ||||
| t Message Format and to MIME that allows use of Unicode in mail addresses and mo | ||||
| st header field content.</t> | ||||
| <t>This specification updates Section 6.4 of RFC 2045 to eliminate | ||||
| the restriction prohibiting the use of non-identity content-transfer- encodings | ||||
| on subtypes of "message/". [STANDARDS-TRACK]</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="6532"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC6532"/> | ||||
| </reference> | ||||
| <reference anchor="RFC3629"> | ||||
| <front> | ||||
| <title>UTF-8, a transformation format of ISO 10646</title> | ||||
| <author fullname="F. Yergeau" initials="F." surname="Yergeau"/> | ||||
| <date month="November" year="2003"/> | ||||
| <abstract> | ||||
| <t>ISO/IEC 10646-1 defines a large character set called the Univer | ||||
| sal Character Set (UCS) which encompasses most of the world's writing systems. T | ||||
| he originally proposed encodings of the UCS, however, were not compatible with m | ||||
| any current applications and protocols, and this has led to the development of U | ||||
| TF-8, the object of this memo. UTF-8 has the characteristic of preserving the fu | ||||
| ll US-ASCII range, providing compatibility with file systems, parsers and other | ||||
| software that rely on US-ASCII values but are transparent to other values. This | ||||
| memo obsoletes and replaces RFC 2279.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="STD" value="63"/> | ||||
| <seriesInfo name="RFC" value="3629"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC3629"/> | ||||
| </reference> | ||||
| <reference anchor="RFC5891"> | ||||
| <front> | ||||
| <title>Internationalized Domain Names in Applications (IDNA): Protoc | ||||
| ol</title> | ||||
| <author fullname="J. Klensin" initials="J." surname="Klensin"/> | ||||
| <date month="August" year="2010"/> | ||||
| <abstract> | ||||
| <t>This document is the revised protocol definition for Internatio | ||||
| nalized Domain Names (IDNs). The rationale for changes, the relationship to the | ||||
| older specification, and important terminology are provided in other documents. | ||||
| This document specifies the protocol mechanism, called Internationalized Domain | ||||
| Names in Applications (IDNA), for registering and looking up IDNs in a way that | ||||
| does not require changes to the DNS itself. IDNA is only meant for processing do | ||||
| main names, not free text. [STANDARDS-TRACK]</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="5891"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC5891"/> | ||||
| </reference> | ||||
| <reference anchor="RFC6530"> | ||||
| <front> | ||||
| <title>Overview and Framework for Internationalized Email</title> | ||||
| <author fullname="J. Klensin" initials="J." surname="Klensin"/> | ||||
| <author fullname="Y. Ko" initials="Y." surname="Ko"/> | ||||
| <date month="February" year="2012"/> | ||||
| <abstract> | ||||
| <t>Full use of electronic mail throughout the world requires that | ||||
| (subject to other constraints) people be able to use close variations on their o | ||||
| wn names (written correctly in their own languages and scripts) as mailbox names | ||||
| in email addresses. This document introduces a series of specifications that de | ||||
| fine mechanisms and protocol extensions needed to fully support internationalize | ||||
| d email addresses. These changes include an SMTP extension and extension of emai | ||||
| l header syntax to accommodate UTF-8 data. The document set also includes discus | ||||
| sion of key assumptions and issues in deploying fully internationalized email. T | ||||
| his document is a replacement for RFC 4952; it reflects additional issues identi | ||||
| fied since that document was published. [STANDARDS-TRACK]</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="6530"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC6530"/> | ||||
| </reference> | ||||
| <reference anchor="RFC8398"> | ||||
| <front> | ||||
| <title>Internationalized Email Addresses in X.509 Certificates</titl | ||||
| e> | ||||
| <author fullname="A. Melnikov" initials="A." role="editor" surname=" | ||||
| Melnikov"/> | ||||
| <author fullname="W. Chuang" initials="W." role="editor" surname="Ch | ||||
| uang"/> | ||||
| <date month="May" year="2018"/> | ||||
| <abstract> | ||||
| <t>This document defines a new name form for inclusion in the othe | ||||
| rName field of an X.509 Subject Alternative Name and Issuer Alternative Name ext | ||||
| ension that allows a certificate subject to be associated with an internationali | ||||
| zed email address.</t> | ||||
| <t>This document updates RFC 5280.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="8398"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC8398"/> | ||||
| </reference> | ||||
| </references> | </references> | |||
| <references anchor="sec-informative-references"> | <references anchor="sec-informative-references"> | |||
| <name>Informative References</name> | <name>Informative References</name> | |||
| <reference anchor="WEBER" target="https://www.lookout.net/files/Chris_We ber_Character%20Transformations%20v1.7_IUC33.pdf"> | <reference anchor="WEBER" target="https://www.lookout.net/files/Chris_We ber_Character%20Transformations%20v1.7_IUC33.pdf"> | |||
| <front> | <front> | |||
| <title>Attacking Software Globalization</title> | <title>Unraveling Unicode: A Bag of Tricks for Bug Hunting</title> | |||
| <author initials="C." surname="Weber" fullname="C. Weber"> | <author initials="C." surname="Weber" fullname="Chris Weber"> | |||
| <organization/> | <organization/> | |||
| </author> | </author> | |||
| <date year="2010" month="March"/> | <date year="2009" month="July"/> | |||
| </front> | ||||
| </reference> | ||||
| <reference anchor="RFC5912"> | ||||
| <front> | ||||
| <title>New ASN.1 Modules for the Public Key Infrastructure Using X.5 | ||||
| 09 (PKIX)</title> | ||||
| <author fullname="P. Hoffman" initials="P." surname="Hoffman"/> | ||||
| <author fullname="J. Schaad" initials="J." surname="Schaad"/> | ||||
| <date month="June" year="2010"/> | ||||
| <abstract> | ||||
| <t>The Public Key Infrastructure using X.509 (PKIX) certificate fo | ||||
| rmat, and many associated formats, are expressed using ASN.1. The current ASN.1 | ||||
| modules conform to the 1988 version of ASN.1. This document updates those ASN.1 | ||||
| modules to conform to the 2002 version of ASN.1. There are no bits-on-the-wire c | ||||
| hanges to any of the formats; this is simply a change to the syntax. This docume | ||||
| nt is not an Internet Standards Track specification; it is published for informa | ||||
| tional purposes.</t> | ||||
| </abstract> | ||||
| </front> | </front> | |||
| <seriesInfo name="RFC" value="5912"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC5912"/> | ||||
| </reference> | </reference> | |||
| <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.59 | ||||
| 12.xml"/> | ||||
| </references> | </references> | |||
| </references> | </references> | |||
| <?line 418?> | ||||
| <section anchor="asn1-module"> | <section anchor="asn1-module"> | |||
| <name>ASN.1 Module</name> | <name>ASN.1 Module</name> | |||
| <t>The following ASN.1 module normatively specifies the SmtpUTF8Mailbox | <t>The following ASN.1 module normatively specifies the SmtpUTF8Mailbox | |||
| structure. This specification uses the ASN.1 definitions from | structure. This specification uses the ASN.1 definitions from | |||
| <xref target="RFC5912"/> with the 2002 ASN.1 notation used in that document. | <xref target="RFC5912"/> with the 2002 ASN.1 notation used in that document. | |||
| <xref target="RFC5912"/> updates normative documents using older ASN.1 notation. </t> | <xref target="RFC5912"/> updates normative documents using older ASN.1 notation. </t> | |||
| <artwork><![CDATA[ | <sourcecode type="ASN.1"><![CDATA[ | |||
| LAMPS-EaiAddresses-2016 | LAMPS-EaiAddresses-2016 | |||
| { iso(1) identified-organization(3) dod(6) | { iso(1) identified-organization(3) dod(6) | |||
| internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) | internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-lamps-eai-addresses-2016(92) } | id-mod-lamps-eai-addresses-2016(92) } | |||
| DEFINITIONS IMPLICIT TAGS ::= | DEFINITIONS IMPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| IMPORTS | IMPORTS | |||
| OTHER-NAME | OTHER-NAME | |||
| skipping to change at line 649 ¶ | skipping to change at line 484 ¶ | |||
| on-SmtpUTF8Mailbox OTHER-NAME ::= { | on-SmtpUTF8Mailbox OTHER-NAME ::= { | |||
| SmtpUTF8Mailbox IDENTIFIED BY id-on-SmtpUTF8Mailbox | SmtpUTF8Mailbox IDENTIFIED BY id-on-SmtpUTF8Mailbox | |||
| } | } | |||
| id-on-SmtpUTF8Mailbox OBJECT IDENTIFIER ::= { id-on 9 } | id-on-SmtpUTF8Mailbox OBJECT IDENTIFIER ::= { id-on 9 } | |||
| SmtpUTF8Mailbox ::= UTF8String (SIZE (1..MAX)) | SmtpUTF8Mailbox ::= UTF8String (SIZE (1..MAX)) | |||
| -- SmtpUTF8Mailbox conforms to Mailbox as specified | -- SmtpUTF8Mailbox conforms to Mailbox as specified | |||
| -- in Section 3.3 of RFC 6531. Additionally, all domain | -- in Section 3.3 of RFC 6531. Additionally, all domain | |||
| -- labels included in the SmtpUTF8Mailbox value are | -- labels included in the SmtpUTF8Mailbox value are | |||
| -- encoded as LDH Labels. In particular, domain labels | ||||
| -- are not encoded as U-Labels and instead are encoded | -- are not encoded as U-Labels and instead are encoded | |||
| -- using their A-label representation. | -- using their A-label representation. | |||
| END | END | |||
| ]]></artwork> | ]]></sourcecode> | |||
| </section> | </section> | |||
| <section anchor="example-of-smtputf8mailbox"> | <section anchor="example-of-smtputf8mailbox"> | |||
| <name>Example of SmtpUTF8Mailbox</name> | <name>Example of SmtpUTF8Mailbox</name> | |||
| <t>This non-normative example demonstrates using SmtpUTF8Mailbox as an | <t>This non-normative example demonstrates using SmtpUTF8Mailbox as an | |||
| otherName in GeneralName to encode the email address | otherName in GeneralName to encode the email address | |||
| "u+533Bu+751F@xn--pss25c.example.com".</t> | "u+533Bu+751F@xn--pss25c.example.com".</t> | |||
| <t>The hexadecimal DER encoding of the block is:</t> | <t>The hexadecimal DER encoding of the block is:</t> | |||
| <artwork><![CDATA[ | <artwork><![CDATA[ | |||
| a02b0608 2b060105 05070809 a01f0c1d e58cbbe7 949f4078 6e2d2d70 | a02b0608 2b060105 05070809 a01f0c1d e58cbbe7 949f4078 6e2d2d70 | |||
| 73733235 632e6578 616d706c 652e636f 6d | 73733235 632e6578 616d706c 652e636f 6d | |||
| skipping to change at line 684 ¶ | skipping to change at line 519 ¶ | |||
| ]]></artwork> | ]]></artwork> | |||
| <t>The example was encoded using Google's "der-ascii" program and the | <t>The example was encoded using Google's "der-ascii" program and the | |||
| above text decoding is an output of Peter Gutmann's "dumpasn1" | above text decoding is an output of Peter Gutmann's "dumpasn1" | |||
| program.</t> | program.</t> | |||
| </section> | </section> | |||
| <section numbered="false" anchor="acknowledgments"> | <section numbered="false" anchor="acknowledgments"> | |||
| <name>Acknowledgments</name> | <name>Acknowledgments</name> | |||
| <t>The authors thank David Benjamin for providing the motivation for this | <t>The authors thank David Benjamin for providing the motivation for this | |||
| document. Additionally, the authors thank Éric Vyncke, John Levine, | document. Additionally, the authors thank Éric Vyncke, John Levine, | |||
| Peter van Dijk, Rich Salz, Russ Housley, and Tim Hollebeek for their | Peter van Dijk, Rich Salz, Russ Housley, and Tim Hollebeek for their | |||
| reviews and feedback which meaningfully improved the document.</t> | reviews and feedback, which meaningfully improved the document.</t> | |||
| <t>The authors also recognize and appreciate the following individuals for | <t>The authors also recognize and appreciate the following individuals for | |||
| their contributions to the previous version of this document:</t> | their contributions to <xref target="RFC8398"/>:</t> | |||
| <blockquote> | ||||
| <t>Thank you to Magnus Nystrom for motivating this document. Thanks to | <t>Thank you to Magnus Nystrom for motivating this document. Thanks to | |||
| Russ Housley, Nicolas Lidzborski, Laetitia Baudoin, Ryan Sleevi, Sean | Russ Housley, Nicolas Lidzborski, Laetitia Baudoin, Ryan Sleevi, Sean | |||
| Leonard, Sean Turner, John Levine, and Patrik Falstrom for their | Leonard, Sean Turner, John Levine, and Patrik Falstrom for their | |||
| feedback. Also special thanks to John Klensin for his valuable input | feedback. Also special thanks to John Klensin for his valuable input | |||
| on internationalization, Unicode, and ABNF formatting; to Jim Schaad | on internationalization, Unicode, and ABNF formatting; to Jim Schaad | |||
| for his help with the ASN.1 example and his helpful feedback; and | for his help with the ASN.1 example and his helpful feedback; and | |||
| especially to Viktor Dukhovni for helping us with name constraints | especially to Viktor Dukhovni for helping us with name constraints | |||
| and his many detailed document reviews.</t> | and his many detailed document reviews.</t></blockquote> | |||
| </section> | </section> | |||
| </back> | </back> | |||
| <!-- ##markdown-source: | ||||
| H4sIAAAAAAAAA+0823LjRnbv/RUdTqUsxSSGpEYaiV57TV1mhru6raTx7GbL | ||||
| 5QGBJtkWCHDRACl6PH7PX+Rbkh/LOae7gQZASlp7K0mlIpdHIi7d535vdjod | ||||
| lsksEgPeGsWZSGM/k0nsR/InEfKzuS8jPgzDVCglFJcx/7O33z3iJyLN5EQG | ||||
| fiZUi/njcSqWuELv8JJfPOsd/DVN0vWAqyxkLEyC2J8DFGHqT7KOFNmkE/nz | ||||
| heqkk+Bw7+hwLFWnu89UPp5LpQDEbL2Ax0dnd284f8H9SCUAgIxDsRDwT5y1 | ||||
| 2gDP8Bh+JSn8dXP3psXifD4W6YCFsPmABUmsRKxyNeBZmgsGGOwxPxX+gN+K | ||||
| IE9ltmYv+CpJ76dpki8G/MNb/gE+yXjK3+IVdi/WcDscMN7hZ8MR/rr+4+jP | ||||
| +FsQ6XxNBpYvcEvYaL9/2GXJWCWRoM+IGluKOAd4ODf7tM7lXGZAf6Ci1Ozg | ||||
| FyKY+bFUc8UngBBuw/045LcXo4szvkO02m3BGpourQqgeB3hgetq4av5t0hf | ||||
| L0mneMNPgxncmGXZQg1evsTn8JJcCs8+9hIvvBynyUqJl7TCS3xzKrNZPoZ3 | ||||
| T46TOBZR9FJzr8K4DnAOH46QAJmzkX3J08t4Mtn2urk+1s835MKbZfMIpDDP | ||||
| ZkmKZOzA/5xP8ijSMjWMxINYAwmjWN4nS7oLWAE5fyJpBzFSSSj4OUgi3lNZ | ||||
| KgSA2nvFT3wFygGvrhTdCkAoBvwdQJAlMV1JxZSWuJBhGAklHvRzsN6A333o | ||||
| 9Xn/8tpcyuMMBf59TMz9I7AnTOZ0T2juaEA9C+i3EsHyAnqojtQHIfnJLPfj | ||||
| 6QZ83ibJNBJtPooDr4rSQbfLh/PFDGgugCMgSX56v/LXDnYXCKgPevudFKsK | ||||
| jifDjZjcZshbnkxgZZGChrs4rYSc+atvpwTRFlxOkhT4Y+RhAzqncirRfDhA | ||||
| XsssU+M8nc4qEF7/CggD3N0z0vVtCHsFsBeByuIknQMQS1LPmzcnIHJHx6Pb | ||||
| Ab1fShz+dMDUgUbfePxdkqtIrM11F9GbXKnGbcB1ALSegr2wdqfNz89PigeM | ||||
| 0IFxDo3QuSh/NywffBbamZ9OURasIoJp8rPUD+5FWmo8GGSjdjMNbkXtjlAr | ||||
| 9WLaedR8B/3B32urx7MESadtH5PxxKXph7Pjs5smOQ0xTzyQczDZBkMjLe5F | ||||
| MuXgc8BA8X63192I4Wq18qIkuU/yzItF9nIiQVNfnsxSqX6gpX44mflAAcDh | ||||
| n/vdu9SPlQESXARcWfa81z+M3p/s7XmLcOLiPcwyIBwa2ttkkq3Ae/C3UTIu | ||||
| aMAY63Q63B8rpHDG2N1MKg7Ezefgo3goJjIGCvk8FitCD637nEy8jIMoR0+H | ||||
| LhS0lSfwT3oJz7CJFFGIbPWtc73Nxz+KIAMLYviwFBwfJR8xUioHTXfuMbon | ||||
| HjLwf7hDNvMz8KERGHiAJSg9NVdmYeDhGFZTKgkkXA/ZCiwI7i8bUUPF9Xl1 | ||||
| lI0rLCSCICw8Il1Gu+5pws3JqjLwwyBhaRLmgabqp0//BE/i+58/F1REIqF8 | ||||
| 9vuEngEd0KaPRF30jkhdlooFgAcAIe8qECM7AF6hglSOAR2gvtltr9/7/Nnj | ||||
| /A72UWuwkQ8MeODsCHjCChloGmofkMxHIJTIkFfvbzvD25PRiAdW1hTizsD5 | ||||
| KR748RcZUjhX+s0CvqcILJQhxsH+ngVvu4gVMsSXfir9GBnL/o69YPlRjB8p | ||||
| LgGKS8WKrVLxt1ymuFcUVV8EcOBj7ESDjoyhgcBgjCQfUB+dXg773e6hJfvh | ||||
| ETC5IUelyPxV2+XD7z3izCKVcz9d83kCkq4NETJ8kY8j3A4/AzeyymKSjJSS | ||||
| 80UkJ2sSJBGDD0fhgIc19BDCjEWk2ASsbGiV0txa+Ckx+RkEHMUMn5ZBDnFW | ||||
| u4Seq4UIgCQkyKCOlU05WhagkY0HozUjAGEDsBEowujQQcc75nkwIO/N356W | ||||
| CLO8IYHBFXZjBaaoiYs0CQDQTYjzMRAVnvFJZwhGpIDZspQivYGVZXgdxSHw | ||||
| EXlU5JMkXqLegWmlHU9RQAkthTwWHKJqjLpDxVsX72/vMJDH3/zyiv6+OfvT | ||||
| +9HN2Sn+fftueH5e/MHME7fvrt6fn5Z/lW+eXF1cnF2e6pfhKq9cYq2L4V/g | ||||
| DkLVurq+G11dDs9bmtOutCAvtD0kdgPaqO4+aIJrNI5Prv/j3yGE1FLc7/WO | ||||
| wFTpD4e916/gw2omYr1bEkdr8xFIumb+YiH8tKTdQmaQ4bTRMKlZsoo58FoA | ||||
| Nf/lr0iZ7wf8d+Ng0Xv1jbmACFcuWppVLhLNmlcaL2sibri0YZuCmpXrNUpX | ||||
| 4R3+pfLZ0t25+LvfR2DCeKd3+PtvGIoQGbCG3LwVsUj9SNt+yOiCLE/JJmsT | ||||
| aCx56TaQ8CpfLJI0UyjYaxbKyQQICywuXLHSflhbgsJ4on823nMsIwjPjNll | ||||
| SgRavRxdFvx2ni3e3705xNR4nDw4jh50rFxVJaRV7Ekjgu6ClzKCW9ScXTJh | ||||
| FT9OcgW0wECgfIbXngGsgAwrFC4OCi8YKblLV6AmajWI3i+//MJk2EniTh27 | ||||
| q+M/nJ3cgRk/u7wbvRmd3fDB4Gv+idPT/Ih/Zqz+Cj6An2/BdwKhd25H/wpJ | ||||
| bc/zLoZ/3t2FSKBBQuMvyG7ba35h5CA+6WAIiQE18WPP20N8MbpAP+k5qXUE | ||||
| 0TZqmbZ1+J4xd5rxojD1dRCWfpQLNAb4jrXGAMP56bvC8o60a7DGvupIMDAE | ||||
| SsdJ5r5uzTbJJ/jMTPghPWeewde0zQegZGHyedX+esQg9gFsyib52MEA05WG | ||||
| XScaBNpm5K39+ClZ5DoMBBxiE92cJ4EfdRBpkjlmHyS7NEbNhHRrK003a4ZH | ||||
| +q1DcrxRf0tieDMHJ4ac50uIrAovLzZgYF8j6V75FQNRFRhG9kJHVm0w0BKy | ||||
| DP1CClF0yCdpMnfFb8NCr7ye18c4UZseG0M6C1fi10mCUThyd3h8+YanOWQq | ||||
| ZG7MLmw1S5QgodJBQYG2zhmaadiAfyx58rHNPp4mWUeRon1s849/yhPwXu4F | ||||
| ZD+I0e3F3TV+PiWZ/agd1cdhlsw/eqwm1+4ORCAd5esYOAK7ZuwsQ651UFh8 | ||||
| FUgJdKheMMS1XhQCjpIfPc0PE+r2kYpDWLpQKnyVZDjU+5otC31qOwxihSvY | ||||
| HFxO8pTCqdRwZrsMOVyqBwAui5F2QKFI6VCiJsAUVdeNYtvaIRJTY4wcRXPS | ||||
| CKNbrNQtaxR2Up8QgTViS4ldrWAu/sZ72eQFCQ4L5QG6mgQCRfEAPk5LGH6a | ||||
| WyujjJI5bgTTswVsiuZRhjoW9KNpkoKhmG9SkANeKAf55S3EqIaiRBNMACBu | ||||
| AofEGyTZmQs/BolmcREZA+3KoHiX62AHX7686YDN5g72quJLQA6ZhbbvaUms | ||||
| kc8soTJgtNbX1iVw6gYMcoqG4lxkCBbDShYo7rv1AgxzS5t4rfgmS8RVXBzD | ||||
| hPzDzIeEvtXptJiDo7GhIFFpSEvBvkD44gm+SBQ5OWu6xAMJkWKtzJ9OASxD | ||||
| VLS6qgUaA88A4sMycUj4xA8wwsFaQAKLZh3YpEN/MRQNyCKVkYON/lFp52ro | ||||
| g0Ba0TROUEOGtfhMZnkmGlmV5hNFyOPCCWq/A5ZSpJhZsEjT18PsQkmF9ks/ | ||||
| QgRKhZ/ppLGarlfiwXYjKkG3EsOOSxElC8E/musfCY0ZECpO+GKWwv58x9LO | ||||
| R6rME03TXYAYyAU7gTM0L+BtBGUnA2MFJE9TTCe1SgC+cGsGQqN2mT9BFuKb | ||||
| RkpQDpznwTi2fqdFqPVNy5F9sGanOWUo5E2JtCmQMyNdBo3UISvIu0+sqxkt | ||||
| fKlTvqQ2UaYWTdico0j68jhCn4/ELz0DM7aiGkAUwcYmywaaZSMYVi6ExKAn | ||||
| 24+Ue2y8YZJQHUaBB2maXjL9UhXUiYSRLjH1gzVYGVPYo9i8SBhIIJ3td5AR | ||||
| yKLaBrumYATheposUiyesVz5U1ETRmrmNAVQ5fM56NhPmjt3PkLXY6A5ycpr | ||||
| xtHwghtJFhG1gcEJsW3SzwreGUZAJHW8zkTnKoUgp3Php/d85/jqYtekrnsH | ||||
| fcxj0a/LkGSLtC2AnDVIE+BnzUG0nTgh0i6kNBuAwc+OgBDj+c91TvKf2c+d | ||||
| +s+GK7AW/JBgdIg78CYVyksi01pUSS6EjZ6q0/Fn9mnAXyifuoxKF3u/blXa | ||||
| ofwNhaNYC2lBRnO5IQA2FhByy3VRMsN8o3DmDXGnQqcpf0FMUrG+JdlArLOV | ||||
| ALWopYXtZuGNPV54I+ZvLr0V3o0km/nLRKKTAaMzB1EGrMFhzHUdx4bz5K50 | ||||
| BIVS/15RHoqkNls0aq1OXVBXd00UDI7LZta4RIAlIx3UC7B/4PosBXxT0zbJ | ||||
| utVmgDCSurBYZy3qWdUHVMWtXc2LyPqySlZclL4UZX82IX4BMWEWzEzl7Fc2 | ||||
| 0/mnF2R/52YpkKyzv+USBAl0zJUBk3ltSItRIXX+73pRUNIF4e67AopXjW1w | ||||
| xMu2IByTSwbSj1b+msxK53D7W+62ipWvLUSKj1jfTb7BZsp8xxG43UrtFU1/ | ||||
| KiKxxGJ1JQj06hDo8KlTpO9VSH5DQMsxoGUbA9rNSV89pkVnnYyXkkqnDNeP | ||||
| hc5StGjXq71ZYpL797FEc95I7tlJBe1sldRFQRDLyIlPZxlgCj7MkB6iEIg2 | ||||
| 8wXD2QaCBASY+Lm2dWYlwfpjsm+FD5wuEUZX1DAsesB+Vi0k5CS3DfD8hpzW | ||||
| tHAlwXAZOZnAI15DbY0p1cFg6aocWdaBpDGtioFZwnrWPEk3J00UE0duw0j7 | ||||
| dLbNOPOdshJYDWx2URJzNL9PWRvCMxbA8S2U2oI2sW1LKYaVZUEqR1DVBKKW | ||||
| PEVpLwLTVASCahbaAAO6GIQA0GC+UkB6kUOkKbLA23X6OOX8CQkM2QtVV3Ky | ||||
| kCU1tFpSaRbeA7GFi0UbZkMASEqANBCsMAybS226S5OKebIU5Ip08A04mKBa | ||||
| aWuNYTFmYPWo+I3ZX+NiFN1BpF2rwJRuxwoe5NiFGRsw1vN0NyOl5qlV3icz | ||||
| GjehZ5VgxJE2wLRo5oDqYWTpRxCyh+vC2SIcgBa2zj1+KjLs0yIcRQXRtvWQ | ||||
| rhv6VVRFNK11a7n2bXZrWm89qo7AA2Pgq22M63opbQgCVWy3Y6zVbgX4HUJt | ||||
| 1+xTyasdi7nv7btZtd62X6UvhN463eMm3eO6Feeg18wzcd9nMyYpU0q7xza5 | ||||
| qdU5XUtkUw8AXONZ7W9Sm1qrGAltSe+D/T3bmKgUHgvDA4E/Neq4LtchAckb | ||||
| a1Hg9XJzCRcrATN5WmaZaXp0oE5gfttFEQA8VpiQFmB+DUqhHXLKaSSmmPGg | ||||
| IYQ1v5excSHVWqDtiz6jkkyRQiHgJsi4wqhH010qpl236WZoX+VPkXvGgIT1 | ||||
| EoVHQXSRQ5GmFSM9WPjPqhEE2TeH3nrrNk4FanXno4rVKJLXsshY0BWfm7ua | ||||
| 4KE84wJIMCOoSVm/dyOADd1lM9dk9muoQtuRXNzYY3uwmXYuwoiLqpNH97HK | ||||
| +NLWQautYvGAdkRFKBBClyF0yKOFRkZhgKGF41rZpmTWIXM95irksuin4tJu | ||||
| qctXxUZ6BoHy+TbVeQnYNZ/nUSZh3YZXzGZpkk8bsXK7FueZkgEWBO1SrJoa | ||||
| UFe9kh2QmQb6RDKAFHENupKmayJL6TpZfQKg6GCelEUWZPg1Vk2/K4NMkwq4 | ||||
| pRjLH2M07SxN2Wvoez2v161HnwQkVsaZE4vUikOEyuN1HtUIyzo+VUbcei9m | ||||
| ZzqcgxxsXd/FqRlaU2gnjELIW0BIc6lmoMixrYmMIZ4xnVhIauzDvjPnRNXL | ||||
| J0opQPRjXOiJgsvW5Z0ZGYIZF8AyXBqtm0ktvbHwQZ/Ar0q0YLqUxE6GqqSF | ||||
| jv9JnKpJOSqlX+igLQybTBli9jwKwUoE9zi4CPstcCoEYNCOwGFoW8uAGVkE | ||||
| MTDi0mamZ6TDJSMaFQo2ZKPMcVhNsIIEo9lnE9K2GnDwOrWjLtSbdua7NkXC | ||||
| he1ZygRniRmkcCQwDWALqsvMlk1JNoncJuoqQy5DtkZV3fHn1UIdbscqZKZB | ||||
| AtqxqVNu76aSrmC8m8I/6IUgvtPzd+1iZmaB4MgAXF1jTdtbs7woGUwTfCaI | ||||
| pd447l5KLsZQzpAbXOCzBIsFKcNb8zJxxNTK+B5ELsQltHA+IiSsvp0Ti9jF | ||||
| if1IElWp3bqrmI6yQ6py2sQWdClvqpa1tU3ZWBSp1RNVRgUNfJSVYZ1Obayc | ||||
| Q/RjKuFFJQbbPLf0qMnZlZFbyJzINtViiR2TkGJaaYYttps6FCLHOJtRjCcw | ||||
| sbNDwkRY23mza0oNGyimI0cMccnSYrml3jbAXRxL3dY9TDLygROeD53BBWbi | ||||
| m7KeUYQnHscS9KKuZNTH+LbFlM4XAR7KZoUfPGW1IfQR/hItwY+5ImPCnLgJ | ||||
| uDakTooO5TTsOsdTG8M/t0f8lGP1i6XK0BCkH8MHY5gcS2E1ypE/kImW52Sp | ||||
| FJOUiXJ9ASAjiWObZGkykQ82Gyk33WB5NUPN7hTk0CrFFi6va0UOoCzlHQDl | ||||
| biO43oIyb6KMxptR/yqjUs3zUOcV1JlBXQ9nZpA9PY41r2PNtmPdTBucoiwf | ||||
| 0mA6hHPWX61AcUvnfTKs+m/CrhKENm14EWo2G1gNzum6lM6uVNnYsrV6W1z3 | ||||
| zdiaKop8tlBP4bi5aN2eLbzbdlE5M2C20zN1dUI5eeujtpY1GIE9tijKcaGs | ||||
| nP+pJGRgF/1p6s+1Z4sDar4UE9cTmYJ2iwcfkwe+09t11sP5H0iI5jLDtUua | ||||
| MqcbRK4u3mAcC/tWjacoZmDbG4yPxI/2kVomYkfHBQ7ylpj0n4XJdvCJD4Z5 | ||||
| 7f9OZC6TzDRD/HjTWJhD/Erzljk9SgekEMCVsCINDM20Rbf173JA3bHvZgrx | ||||
| y0Yr8O//+RLbgjcJWCjQZtR9/mt+fv4HwfKcnZ5+ZvmPowx1s+YixO71r6KQ | ||||
| abtyfl3I9q/4KVZxm7oDLkwxIV17KpglSeQZ3cIzXGQptq3yG362wPIQdzoL | ||||
| pfr7QRWI/u5Tq/wmWP6Pyt0Z+PlsrcVtZ/XSqbSUNtKYKbWRwIa+t1VTdlaM | ||||
| uj6XvoZLLqdVluM542+fL33FMjVLO+D5l/vHBwf5l6/3e2+eWNAVmYZoP//n | ||||
| H6wEmwjzbFV4lC57e8eGLk+s979LldAx4QyJiWLsCEmj7lcJogpXXJITZ0te | ||||
| FOdC9XhbKHRDTTGmZywarpvGbJqn+Irpb8zQauPflM5B8J+ndBbCJhZU6VJ2 | ||||
| +6CyPU68OknSYX2gjo/zjIow5XCHPoWm4+bxmhktpsxhUxPMRInV2MJpNTIz | ||||
| uwXL0XhvZSClTN5e1QY2zWh9+UQxn60ni9t6KNPPKETHs3smDKmNqUDWeI+3 | ||||
| l1LldCZLyTmentfroxIA+aNKVw8XxdMbOMoI1iyRZko61O1ZM+4QyIWEt23k | ||||
| i12alDvn7OiUCkKhEmAPjrpSjg20lFOsjVFXRBVDKnRIlepiQgCedOYWqDCx | ||||
| /fEx3J7SXCHHLNh++QHR1YiooQCEXNWTE7rGpud1Iho61MFd2aMqycew1dzB | ||||
| xoXuRFcZXdTvcQrA4x+oO4+nFJNcFStUm0+6ykWFwHZ1ot4WC/V5Nd3pM7zE | ||||
| zgI1ufTbRVO6OnPCqw1t7O7LjCa5xqJAl7no1ue+NuB0V7KIGxYxwxyu54vK | ||||
| E0gWHlXMGGFRCiEjZVBrlYm5jfaddBXpYhPWNakGNfHcBNV0kTCv/1izHB+L | ||||
| qd2s2Qgq5wLiR2aBNxHwXbLCoYe2WcJWFwxHxjIGZ+cugXQGA6nMCbsEZMY3 | ||||
| 42AAPCATW4LVCMIE+IVkrWtulYON+OA2KtmX/JiGJ6hDc2o4Edi5CnsyeftB | ||||
| VHO4D57BpPWO4NODo6lAKH9Eqzzz46nAkwLF0NAGSuvSYSiWFHDT9rbUC2vr | ||||
| VuTIOVhZH49H0aueGLPzC858KHv6oJKuJxTHAt339fDA+85587ASDeSbG9T0 | ||||
| BLn3A5qLLpRRZ/OaGjzCGVIAaZwszUm1ygyjLcE+fo6gnB/QVKKB6zEOCdoj | ||||
| MqiulI0CMGLRmLmiRDatYVg9ZMXqc1h79ZNkG6pLyj1UuwkF1hwb24YCfwwF | ||||
| 9hwUmqNkL/hoeDlshhaLgllNz1OYTRl2ADbz5RDCl51C5Dr9bu8AW015JKwj | ||||
| b91ejMpgpvgimwv90Ig8JqCZtthOz9vzDryetw//vfa6u/R9F0DRdVUbdRfR | ||||
| 0UfvuZDXY6byHKYpMmwB9ormq+hBHAFWLV6D9bCElT0JKwSL5H6RDcPbS69n | ||||
| iMHMkbfiNBjdM9R0RhgeP2nKinOwdjK2amdyZd7Ty4flkVqiMvv06fcYNB31 | ||||
| +nhc2U5n9bvdvnkDDGaxUnMK2DPNQv2+7VY79T7znDKCmkQhntSprGyKPOfD | ||||
| i+vbzpkvh1X5+gQuLqFioBWesON+eczO3i5sE+4c4ACSHkERGT5vo5yd/V0I | ||||
| oOyXK+Gnxb182Hm9a0R7p0tvPi7mO0eQhECkfnr2ZnQ5wgPMt3x0cX0+Ohnd | ||||
| 8bvh21s84cqOz96OLhmDG1c3d7fs6u7d2U3ncnhxxt7cXF2QdPVGc53iwrLd | ||||
| I9j4+fhtww6/++lx/Cx2eKPXkRaCbn9n/4jQkvqeA+bZw/80mLYWQGDCUp/5 | ||||
| V6hNeDq21GScx5DVQcbia0B06FfrqNGx4cb8t5mpJG0BC+0ciAb/Bnvqg9CP | ||||
| HXxGmCFBskefs8nhlQVS8VIQzAvNQ9Vt7nkevr7pvHXtdbYhlS6BOuXHf+Eb | ||||
| D26zz+z/T3RvPdF9/ltOdG8Ikn7FiW52dnmqj3W/4Geme9BM/k18Wu2s2GZD | ||||
| KOY6LkFDrPdsjCzTue+KN3S/AaBMeRqZOWs9o17TMp2lGVyDpFdCOsdPQaLq | ||||
| +dc4SoJ70MWBtv9+tz/uHnQPOf3qdfd5d7/7unvYPeJ+tzfpBr2Qi/3DYDwW | ||||
| r/nRq6PJq+7rQ34g+mE/fN1lr/de7+319/b5wV5fHOzjrd4B3DgIQHrgyt7B | ||||
| hB+EmrgIHR3OA/A0SAUUXc5f7Q34X7vfg5r1Qc0OB/BPUz2+6PE9iOZ6EJTu | ||||
| 89eg+EdfsB48v9fD5/XrvVec948GVHVyNOWLZ9DwC1OF1S9/dj59LlGwLKdz | ||||
| 0ZV4UH873BeKt/CIFx28bmGMSr03m1FSMN6gA6V+ebbIaSrmWmBj/W2eQZod | ||||
| 03o5pHAq7rWYWY7Cy2FwHyerSIRTcvbs00B/EaMIv25N/EhRkYvOyFFGRqF4 | ||||
| fM9P/aUM+bGIf/TnUneGYVW4ZtPH6jf88MqXEW2Ky6vL/+e/pTLg363j4B6s | ||||
| /B+SWczPIeGKwQlovJaA66n88b7NbzAbu/Wjn9qVb3DTvuFOzuFCFAkI1O9t | ||||
| dCnxG6aWUqy00k+ECDHKM4mdOZuM3wu3xmFIwEqElXjVqxKEWmIpsGEa4xgr | ||||
| neNZ4EyOLPKpIlKUcSiBSDm8Q4d4tE3BnD+V41wHd2b0boEwYnml8pUJToA6 | ||||
| QDCQWOsk13Z5GsPjl5BrY2CrC0iaCcQTN7alSZ/4ng5hVal2KYMkQrMqw5/G | ||||
| gN69bPNzX2R4YoAf+znOHQOl1zgAEwkAsQ1WH2zSuQBupqH+xO9yiCLSKueI | ||||
| Mtc+YHrP3wABCig1SywbcCaEvpUAfQvYn8wCqhf7Y4TdAS1UiBK6BTp4SbM+ | ||||
| LGl86ZmvD1mbIpWGgr4YYFKcEfyKVgdRuYUYxw+ZXXsmokUZWevQ12ouHTM2 | ||||
| z4CsFFL0FU3YCAM9iBAs/Z28x5mZ0/x+lixjqWGH95AvuR0JqI9a2Q2o4BuK | ||||
| DGw5HQovciaSYI/9F5JUU6UmVgAA | ||||
| </rfc> | </rfc> | |||
| End of changes. 70 change blocks. | ||||
| 540 lines changed or deleted | 141 lines changed or added | |||