Frank Hecker wrote: > > Since you asked me to comment... > > First, is this question about names included in end entity certificates? > (For example, a CA issuing an SSL server certificate to an organization, > and having the organization's name within the certificate being in > Turkish, or Hebrew, or Chinese, or whatever.) > Exactly! > If so, this issue seems (at least to me) to be related to the issue of > internationalized domain names (IDN). IIRC we already support display > and entry of domain names in, e.g., Chinese, Hebrew, etc. > > http://developer.mozilla.org/en/docs/Internationalized_Domain_Names_(IDN)_Support_in_Mozilla_Browsers > I know about this, but IDN are localized domain names which the browser knows to handle. Obviously the relying party might be interested more in the other details than the domain name (except the initial verification that this is the right email address or domain name). > Given that, why should we object to CAs putting Chinese, etc., names in > end entity certificates, as long as there is an appropriate technical > mechanism to make this work? A lot of the CAs we deal with now are > country-specific CAs whose businesses is very focused on the country in > which they're located. They will probably issue most if not all of their > certificates to organizations and individuals in their home country, and > those certificates will probably be seen primarily by users in those > countries. Since most of those users won't speak English, it makes sense > for domain names, names in certificates, and so on, to be in their > native language and the associated character set. > Your answer somewhat surprises me a bit, but I do understand your argument of course. Nevertheless, I think CAs which do operate in such countries, most notably Verisign actually "translate" the names to English (Latin) letters. Also passports have English interpretation of the native names. Organizations have usually an internationalized name associated with their native one. I haven't come across a passport (of the affected countries of course) which doesn't have a secondary line for each entry in Latin letters. As you understand by now, I'm in favor of having Latin letters as a must and I guess I'll have to bring up some good arguments in favor for it ;-)
BTW, do you remember from memory how the EV guidelines handles this? Else I'll look it up later...it just would be interesting to know what their decision was on this subject. -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
