Frank Hecker wrote: > Given that, why should we object to CAs putting Chinese, etc., names in > end entity certificates, as long as there is an appropriate technical > mechanism to make this work? [...] > [...] Since most of those users won't speak English, it makes sense > for domain names, names in certificates, and so on, to be in their > native language and the associated character set.
Maybe it would be adequate to require that the CA applies a policy that lowers the risk of homograph spoofing attacks. Nameprep and the IDN language-specific registration policy applicable to the language(s) the CA wishes to include in it's certificate might be adequate references. Though I feel it's an important point that nothing has been required until now for the CA already included in the list, and that, as far I know, nothing restricts them from including non US-ASCII content in the certificates they issue. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
