2004845 PKIUTF8String Part1: UTF8String UTF8String PKI UTF8String UTF8String 2
(1) ( ) A, ü, <DEL> [ ] [ ] ASCII JIS X2013 Unicode(ISO 10646) ( )( ) Unicode A U+0041 <DEL> U+007F 3 (2) u ü ( )( ) ( )( ) ( )PrintableString UTF8String ( ) ( ) 4
UTF8String UTF8String UTF-8ASN.1 UTF-8 UTF-8 UCS (Unicode Character Set) Transformation Format 8 Unicode (UCS-2 UCS-4) UCS RFC 3629IETF ASCII 5 ASCII ASCII( ) ANSIX3.4 7bit (0x00 0x7F) () Unicode ASCII NUL DLE SPC 0 @ P ` p SOH DC1! 1 A Q a q STX DC2 " 2 B R b r ETX DC3 # 3 C S c s EOT DC4 $ 4 D T d t ENQ NAK % 5 E U e u ACK SYN & 6 F V f v BEL ETB ' 7 G W g w BS CAN ( 8 H X h x HT EM ) 9 I Y i y LF SUB * : J Z j z VT ESC + ; K [ k { FF FS, < L \ l CR GS - = M ] m } SO RS. > N ^ n ~ SI US /? O _ o DEL () ASCII 6
UTF8String PKI UTF8String UTF8String 7 UTF8String RFC 3280 2003 12 31 (DistinguishedName, DN)directoryString UTF8String PrintableString TeletexString RFC 2459 RFC 3280 UTF8String RFC 3280 DN UTF8String 8
UTF8String RFC 3280 2003 UTF8String RFC 3280 RFC 3280 9 UTF8String IPA: RFC 3280 UTF8String http://www.ipa.go.jp/security/pki/utf8string/utf8string.html PKIX WG 2004/07: Internet-Draft <draft-hoffman-pkix-stringmatch-00.txt> 2004/12: RFC 3280 Internet-Draft 2005 2 NIST 10
UTF8String PKI UTF8String UTF8String 11 A (human readable) Character A A (processable) Code point 0x41 A (machine readable) Byte sequences?????? 12
A Unicode 4 NFC: Normalization form C(Composition) NFD: Normalization form D(Decomposition) NFKC: Normalization form KC NFKD: Normalization form KD 15 RFC 3454 stringprep Unicode (to) Bidi () Case-sensitive Case-insensitive NFKC NFKC 16
Unicode Character A 0x41 0x41 stringprep bidi Byte sequences??? 17 Character A a 0x41 stringprep 0x61 0x41 0x41 Byte sequences?????? 18
ASCII ASCII Case-sensitive Case-sensitive (1) ( ) Case-insensitive Case-insensitive Case-sensitive (2) (3) ( ) Case-insensitive (4) Stringprep(1)(3) ASCIIcase folding( ) (2) (4) ASCII ASCIIASCII 19 UTF8String PKI UTF8String UTF8String 20
PKI PKI (Distinguish) Distinguished Name Distinguished Encoding Rule 21 PKIDN AliceCA DN CA : CA : CA CA : CA :CA Alice : CA : Alice 22
Character A 0x41 0x41 stringprep bidi Byte sequences??? 23 DN PrintableString ASCII BMPString Unicode Latin-1() TeletexString Latin-1() 2003/12/31 UTF8String UTF8String UTF-8 2003/12/31DN 24
ASN.1(DER) Character Alice stringprep 0x41 0x6C 0x69 0x63 0x65 Length: Value PrintableString 0x13 0x05 0x41 0x6C 0x69 0x63 0x65 Tag: PrintableString Value: 25 Alice PrintableString Tag,Length,Value OctetStringMatch Alice UTF8String Value OctetStringMatch Alice BMPString 13 05 41 6C 69 63 65 0C 05 41 6C 69 63 65 1E 0A 00 41 00 6C 00 69 00 63 00 65 ASCII Tag PrintableString Value 26
RDN RDN( ) cn=foo, o=bar, c=jp UTF8String PrintableString UTF8String!! country, dnqualifier, serialnumber : PrintableString emailaddress, domaincomponent : IA5String UTF8String (ITU-T/X.520) DN RDN DN 27 UTF8String PKI UTF8String UTF8String 28
UTF8String 2004 UTF8String CA Name Rollover RFC 3280CA!??? orca 29 UTF8String 2003 12 31 CA DN (MUST) A) A) PrintableString B) B) BMPString C) C) A),B)UTF8String 2003 12 31 directorystring UTF8String (MUST) RFC RFC 3280 4.1.2.4 30
(1) CA CA DN(MUST) (MAY) X.500 RFC RFC 3280 32804.1.2.4 ASN.1 syntax() OK!? X.520 X.520 6.1.1 31 (2) X.500 PrintableStringcase sensitive RFC RFC 3280 32804.1.2.4 Case sensitive DN caseignorematch c, c, o, o, ou, ou, dnqualifier, st, st, cn, cn, serialnumber X.520 X.520 6.1.1 Case insensitive!? 32
UTF8String??? or? : 19 (1) (4) : TLV or Value UTF8String 33 Name Rollover 1 2 CA CA-A : A(Printable) : A(Printable) Name Rollover CA-A : A(Printable) : A(UTF-8) CA-A : A(UTF-8) : A(Printable) CA-A : A(UTF-8) : A(UTF-8) 34
UTF8String PKI UTF8String UTF8String 35 UTF8String? Stringprep?? 36
DN Alice BMPString Alice UTF8String Alice PrintableString Byte sequences 1E 0A 00 41 00 6C 00 69 00 63 00 65 0C 05 41 6C 69 63 65 13 05 41 6C 69 63 65 41 6C 69 63 65 41 6C 69 63 65 41 6C 69 63 65!! 37 False Positive False Negative 38
??? Alicé stringprep 0x65 stringprep 0x65 0xE9 Alice BobAlice Alice Alicé 39 0x65 0x65 stringprep stringprep Alice 0x65 0xE9 Alicé Alice Alice stringprep!! 40
(1) UTF-8 PKI 41 (2) PKI UTF-8PKIUTF8String I/F ( ) UTF8StringPKI PKI PKI PKI 42
UTF8String PKI UTF8String UTF8String 43 UTF8String (CSR) CSRDN UTF8String? CA? CA CRL? CRL? 44
Alice (CSR) 00 41 00 6C 00 69 00 63 00 65 BMPString 13 05 41 6C 69 63 65 UTF8String!! 0C 05 41 6C 69 63 65 41 6C 69 63 65 UTF8String? CSR BMPString!? 45 CA A) (CA) CA UTF8String CA EEUTF8String CA B) CACA DN() CA Name Rollover 46
47 CA cn=old CA cn=new CA UTF8String CRL CRL CA CA CA CA DN DN UTF8 EE X CA EE CA 48 CA CRL CRL DN DN CA cn=same CA cn=same CA UTF8String CA CA UTF8 EE X EE CA Name Rollover
DN CA Name Rollover CA?? 49 CA CRL: CACRL CA DN CRL : same CA : CA : CA CA CA Alice CRL : same CA : CA : CA CA??? CRLAlice 50
CRL a) CRL CRL b) CRL(CA DN) CRL DNCA DN c) CRLDP/issuingDP CRLDPCRL issuingdp CRL issuingdp CA () () 51 UTF8String PKI UTF8String UTF8String 52
53 CA CA UTF8String CSR I/OUnicode ()UTF8String DN subject CA ASCII: case-insensitive ASCII: case-sensitive CSR subject PKI CA issuer CRL issuer 54