Dear Michael, I think it's better to ask NSS people about it. And this patch is NOT a part of openssl yet, and will not become soon. On Thu, Jul 4, 2019 at 6:42 AM Michael Casadevall <michael@casadevall.pro> wrote:
Solid work! Getting x.509 certificates works for EAI is a huge step forward.
I looked at the patch and it seems relatively clean although I haven't compiled it locally yet. Is there a timeframe for implementing this in Mozilla's NSS so Thunderbird can take advantage of S/MIME certificates for EAIs?
Michael
On 7/3/19 1:54 PM, Dmitry Belyavsky wrote:
Hi all,
Coordination Center for TLD .RU/.РФ is happy to announce a draft implementation of RFC 8398 "Internationalized Email Addresses in X.509 Certificates" for OpenSSL: https://cctld.ru/en/news/news_detail.php?ID=21240
The implementation and some test examples are available for download here: https://cctld.ru/files/books/EAI.pdf (in Russian)
Direct links:
Draft implementation - https://cctld.ru/files/eai/rfc8398.diff Test examples - https://cctld.ru/files/eai/root.tar.gz Instructions - https://cctld.ru/files/eai/README.8398
The implementation covers the following cases: - Displaying the EAI in X.509 certificates - Verifying NameConstraints in X.509 certificate chains of trust - Matching EAIs in X.509 with provided EAI.
Feel free to test the patch and send feedback to pr@cctld.ru <mailto:pr@cctld.ru> or to me directly.
-- SY, Dmitry Belyavsky
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- SY, Dmitry Belyavsky