
PKI UTF8String Part4: IETF

MicrosoftMSWindowsWindows 2000Windows NTWindows XPWindows Internet ExplorerOutlookOutlook Express Microsoft Corporation Sun MicrosystemsSun Java Solaris JavaJDK Sun Microsystems

1
1.1 IETF
2
3 IETF
3.1 (RFC 2277/2278/3629)
3.1.1 RFC 2277 IETF Policy on Character Sets and Languages BCP18
3.1.2 RFC 2278 IANA Charset Registration Procedures BCP19
3.1.3 RFC 3629 UTF-8, a transformation format of ISO 10646 STD63
3.2 LDAPbis
3.2.1 StringPrep
3.3 IDN(Internationalized Domain Name)
3.3.1 Nameprep
3.4
3.4.1 SSH
3.4.2 SASL
3.4.3 SASLprep
3.5 PKIX
3.5.1 RFC 2459/3280
3.5.2 I-D 3280bis
4

1 ISOC/IETF/IESG//...1 2 IETF...3 3 StringPrep I-D/RFC...8 4...18 1 DirectoryString...2 2 RFC 3454 I-D...10 ii

1 IETF PKI 1.1 IETF IETF 1 () 2 IETF 7 IETF/IAB 3 IESG 4 ISOC/IETF/IESG// 1 ISOC IETF IAB Chair IESG ADIAB Application General Internet Operations and Management Routing Security Transport AD AD AD AD AD AD AD Chair Chair Chair Chair Chair Chair Chair 1 ISOC/IETF/IESG// 1 Internet Engineering Task Force, http://www.ietf.org/ 2 ISOC, Internet Society, http://www.isoc.org/ 3 Internet Architecture Board, http://www.iab.org/iab/ 4 Internet Engineering Steering Group, http://www.ietf.org/iesg.html 1

2 () ISO/IEC/ITU-T ISO 9594/X.500 ISO/IEC/ITU-T ISO 9594-8/X.509[1] ISO 5 IEC 6 ITU 7 ITU-T 8 3 X.509 1996 X.509 v3 1 1 DirectoryString PrintableString Alphanumeric TeletexString ISO-2022 UniversalString UCS-4 5 International Organization for Standardization, 6 International Electrotechnical Commission, 7 International Telecommunication Union, 8 ITU Telecommunication Standardization Sector, ITU 2

BMPString UCS-2 UTF8String ISO-10646 UTF-8 3 IETF IETF IETF Unicode ISO-10646[2] ISO-10646 UTF-8 stringprep RFC 3454 Preparation of Internationalized Strings ("stringprep") [3] RFC 3454 stringprep 2 nameprep xxxprep stringprep 2 IETF 3

3.1 (RFC 2277/2278/3629) IETF RFC 2277/2278/3629 3 RFC 3.1.1 RFC 2277 IETF Policy on Character Sets and Languages BCP18 RFC 2277(BCP18)[4] 1998 1 IAB 1996 2 29 3 1 IAB Character Set Workshop (RFC 2130 ) RFC 2277 UTF-8 Language RFC 1766 Language tag POSIX Locale Language 4

3.1.2 RFC 2278 IANA Charset Registration Procedures BCP19 RFC 2278(BCP19)[5] 1998 1 RFC 2278 IANA(Internet Assigned Number Authority) 2.3 (charset) 5

charset IANA 4 charset 3.1.3 RFC 3629 UTF-8, a transformation format of ISO 10646 STD63 RFC 3629(STD63[6] 2003 11 RFC 3629 ISO 10646 UTF-8 6

3.2 LDAPbis LDAP X.500 Subject UTF-8 LDAP LDAPbis stringprep ( ) IDN(Internationalized Domain Name)[11] 3.2.1 StringPrep RFC 3454 ( StringPrep StringPrep )[3] StringPrep LDAPbis LDAP StringPrep IDN Paul Hoffman (VPN Consortium) I-D 2001 9 27 draft-hoffman-stringprep-00.txt 2002 10 4 draft-hoffman-stringprep-07.txt 2002 12 RFC 3454 PROPOSED STANDARD RFC RFC 3454 LDAPbis LDAP v3 3 draft-ietf-ldapbis-strprep-05.txt ( I-D StringPrep ) [15] draft-ietf-ldapbis-dn-16.txt(i-d StringPrep-DN ) [16] draft-ietf-ldapbis-filter-09.txt(i-d StringPrep-filter ) [17] 7

3 I-D I-D StringPrep RFC 3454 I-D I-D StringPrep-DN LDAP Distinguished Name I-D StringPrep-filter LDAP I-D/RFC 3 I-D draft-hoffman-stringprep-00.txt 2001/9/27 I-D draft-hoffman-stringprep-07.txt 2002/10/4 IDN Paul Hoffman I-D RFC 3454 2002/12 I-D draft-ietf-ldapbis-strprep-05.txt I-D draft-ietf-ldapbis-dn-16.txt I-D draft-ietf-ldapbis-filter-09.txt LDAPbis-I-D I-D RFC 3454 I-D RFC 3454 3 StringPrep I-D/RFC StringPrep 1. Unicode 2. 3. 4. 5. bidirectional 6. StringPrep 8

3.2.1.1 Unicode Unicode I-D StringPrep 2 RFC 3454 I-D StringPrep 1. TeletexString Unicode 2.1. Transcode Local matter 2. PrintableString 3. Unicode UniversalString / UTF8String / BMPString 4. ( 2.2 ) 5. (2.2 ) () 3.2.1.2 RFC 3454 Appendix A-D 3.2.1.3 Commonly mapped to nothing RFC 3454 Table B.1 Commonly mapped to nothing 3.2.1.4 RFC 3454 I-D StringPrep RFC 3454 UAX15[12] KC I-D StringPrep UAX15[12] NFKC 3.2.1.5 RFC 3454 I-D StringPrep 2 9

RFC 3454 (RFC 3454 UAX9) RFC 3454 I-D StringPrep 3 (//) 1. (space ) 2. 3. 4. 2 RFC 3454 I-D I-D (RFC 3454 A.1) (RFC 3454 C.8) (RFC 3454 C.3) (RFC 3454 C.4) (RFC 3454 C.5) U+FFFD RFC 3454 Space 10

3.3 IDN(Internationalized Domain Name) IETF IDN(Internationalize Domain Name) [9] IDN / PKIX/LDAP RFC 3491 Nameprep: A StringPrep Profile for Internationalized Domain Names (IDN)[11] 3.3.1 Nameprep IDN Nameprep[13] Nameprep RFC 3454 DNS / 3.3.1.1 Nameprep Nameprep RFC 3454 Table B.1/B.2 11

3.3.1.2 Nameprep Nameprep StringPrep NFKC 3.3.1.3 Nameprep Nameprep StringPrep Table C.1.2 / C.2.2 / C.3 / C.4 / C.5 / C.6 / C.7 / C.8 / C.9 IDNA(RFC 3490: Internationalizing Domain Names in Applications)[11] 12

3.3.1.4 Nameprep Nameprep StringPrep 6 3.3.1.5 Nameprep Unassigned Code Points IDNA Unassigned Code Points Nameprep Unassigned Code Points StringPrep Table A.1 Unassigned Code Points 3.4 IETF/SAAG 9 / ( SSH ) 9 Security Area Advisory Group 13

SSH /SASL 3.4.1 SSH SSH 10 SSH ()( /) UTF-8 Sun Microsystems Solaris 8 Microsoft Windows XP OpenSSH 11 UTF-8 3.4.2 SASL SASL 12 SSH / UTF-8 SASLprep (RFC 4013 SASLprep: StringPrep Profile for User Names and Passwords)[14] SASLprep RFC 3454 [3] / nameprep[13] SSH / SASLprep 3.4.3 SASLprep SASL SSH SASLprep[14] SASLprep StringPrep SASLprep RFC 4013 2005 2 3.4.3.1 SASLprep SASLprep non-ascii ASCII StringPrep B.1 10 Secure Shell Working Group 11 http://www.openssh.org/ 12 Simple Authentication and Security Layer Working Group 14

commonly-mapped-to-nothing nothing ()

3.4.3.2 SASLprep StringPrep UAX15[12] NFKC

3.4.3.3 SASLprep

1. Non-ASCII (StringPrep C.1.2)
2. ASCII (StringPrep C.2.1)
3. Non-ASCII (StringPrep C.2.2)
4. (StringPrep C.3)
5. Non-character code point (StringPrep C.4)
6. (StringPrep C.5)
7. (StringPrep C.6)
8. (StringPrep C.7)
9. display properties or deprecated characters (StringPrep C.8)
10. Tagging (StringPrep C.9)

3.4.3.4 SASLprep StringPrep 6

3.4.3.5 SASLprep Unassigned Code Point Unassigned Code Point StringPrep A.1 Unassigned Code Point 3.5 PKIX PKIX X.509 /CRL X.509 ISO/IEC/ITU-T 3 IETF PKIX PKI CRL RFC 2459[7] RFC 3280[8] 2005 2 RFC 3280 I-D RFC 3280bis[9] 4 17

RFC 3280bis (Son of 3280) 4 3.5.1 RFC 2459/3280 RFC 2459[7] / RFC 3280[8] PKI CRL Issuer/Subject DirectoryName TeletexString/UniversalString PrintableString / IA5String / BMPString 18

RFC 2459/RFC 3280 2004/1/1 Subject/Issuer UTF8String RFC 3280 Internet-Draft 1998 7 28 draft-ietf-pkix-ipki-part1-09.txt UTF-8 2003 12 31 UTF-8 2003 12 31 (PKI PrintableString < BMPString < 19

UTF8String ) Subject/Issuer PrintableString case-in-sensitive UTF8String case-sensitive Steve Hanna ( Funk Software Sun Microsystems ) Paul Hoffman (VPN Consortium) International Strings in Certificate I-D I-D RFC 3280 RFC I-D 3280bis(2005 2 18 ) [9] CA CRL PrintableString DirectoryName CA UTF8String DirectoryName CA CRL PrintableString / UTF8String CRL 20

PKIX- CRLAIA I-D(Internet X.509 Public Key Infrastructure Authority Information Access CRL Extension, draft-ietf-pkix-crlaia-00.txt)[10] I-D CRL AIA(Authority Information Access) CRL CRL 3.5.2 I-D 3280bis Internet-Draft 3280bis(draft-ietf-pkix-rfc3280bis-00.txt)[9] 7 DirectoryString PrintableString ASCII case-insensitive 4 IETF PKI PKI INTAP Directory ISO 2022 JIS TeletexString T61String Localization PKIX 21

1. ISO 10646 2. UTF-8 3. StringPrep 4. Subject/Issuer PKI RFC 3280bis IDN/SASL IETF 22

[1] ITU-T Recommendation X.509 (2000) ISO/IEC 9594-8:2000, "Information Technology - Open Systems Interconnection: The Directory: Authentication Framework," 2001

[2] International Organization for Standardization, "Information Technology - Universal Multiple-octet coded Character Set (UCS)", ISO/IEC Standard 10646, comprised of ISO/IEC 10646-1:2000, "Information technology -- Universal Multiple-Octet Coded Character Set (UCS) -- Part 1: Architecture and Basic Multilingual Plane", ISO/IEC 10646-2:2001, "Information technology -- Universal Multiple-Octet Coded Character Set (UCS) -- Part 2: Supplementary Planes" and ISO/IEC 10646-1:2000/Amd 1:2002, "Mathematical symbols and other characters"

[3] P. Hoffman, M. Blanchet, "Preparation of Internationalized Strings", RFC 3454, 2002

[4] Alvestrand, H., "IETF Policy on Character Sets and Languages", BCP 18, RFC 2277, January 1998

[5] Freed, N. and J. Postel, "IANA Charset Registration Procedures", BCP 19, RFC 2278, January 1998

[6] F. Yergeau, "UTF-8, a transformation format of ISO 10646", RFC 3629, 2003

[7] Housley, R., Ford, W., Polk, W. and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and CRL Profile", RFC 2459, January 1999

[8] Housley, R., Ford, W., Polk, W. and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and CRL Profile", RFC 3280, April 2002

[9] D. Cooper, S. Santesson, S. Farrell, S. Boeyen, W. Ford, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", <draft-ietf-pkix-rfc3280bis-00.txt>, work in progress, 2005

[10] S. Santesson, R. Housley, "Internet X.509 Public Key Infrastructure Authority Information Access CRL Extension", <draft-ietf-pkix-crlaia-00.txt>, work in progress, January 2005

[11] P. Faltstrom, P. Hoffman, A. Costello, "Internationalizing Domain Names in Applications (IDNA)", RFC 3490, March 2003

[12] Mark Davis and Martin Duerst, "Unicode Standard Annex #15: Unicode Normalization Forms", Version 3.2.0, <http://www.unicode.org/unicode/reports/tr15/tr15-22.html>, March 2002

[13] P. Hoffman, M. Blanchet, "Nameprep: A Stringprep Profile for Internationalized Domain Names (IDN)", RFC 3491, March 2003

[14] K. Zeilenga, "SASLprep: Stringprep Profile for User Names and Passwords", RFC 4013, February 2005

[15] K. Zeilenga, "LDAP: Internationalized String Preparation", <draft-ietf-ldapbis-strprep-05.txt>, work in progress, February 2005

[16] K. Zeilenga, "LDAP: String Representation of Distinguished Names", <draft-ietf-ldapbis-dn-16.txt>, work in progress, February 2005

[17] M. Smith, T. Howes, "LDAP: String Representation of Search Filters", <draft-ietf-ldapbis-filter-09.txt>, work in progress, November 2004