RFC 8398 "Internationalized Email Addresses in X.509 Certificates" implementation
Hi all, Coordination Center for TLD .RU/.РФ is happy to announce a draft implementation of RFC 8398 "Internationalized Email Addresses in X.509 Certificates" for OpenSSL: https://cctld.ru/en/news/news_detail.php?ID=21240 The implementation and some test examples are available for download here: https://cctld.ru/files/books/EAI.pdf (in Russian) Direct links: Draft implementation - https://cctld.ru/files/eai/rfc8398.diff Test examples - https://cctld.ru/files/eai/root.tar.gz Instructions - https://cctld.ru/files/eai/README.8398 The implementation covers the following cases: - Displaying the EAI in X.509 certificates - Verifying NameConstraints in X.509 certificate chains of trust - Matching EAIs in X.509 with provided EAI. Feel free to test the patch and send feedback to pr@cctld.ru or to me directly. -- SY, Dmitry Belyavsky
Solid work! Getting x.509 certificates works for EAI is a huge step forward. I looked at the patch and it seems relatively clean although I haven't compiled it locally yet. Is there a timeframe for implementing this in Mozilla's NSS so Thunderbird can take advantage of S/MIME certificates for EAIs? Michael On 7/3/19 1:54 PM, Dmitry Belyavsky wrote:
Hi all,
Coordination Center for TLD .RU/.РФ is happy to announce a draft implementation of RFC 8398 "Internationalized Email Addresses in X.509 Certificates" for OpenSSL: https://cctld.ru/en/news/news_detail.php?ID=21240
The implementation and some test examples are available for download here: https://cctld.ru/files/books/EAI.pdf (in Russian)
Direct links:
Draft implementation - https://cctld.ru/files/eai/rfc8398.diff Test examples - https://cctld.ru/files/eai/root.tar.gz Instructions - https://cctld.ru/files/eai/README.8398
The implementation covers the following cases: - Displaying the EAI in X.509 certificates - Verifying NameConstraints in X.509 certificate chains of trust - Matching EAIs in X.509 with provided EAI.
Feel free to test the patch and send feedback to pr@cctld.ru <mailto:pr@cctld.ru> or to me directly.
-- SY, Dmitry Belyavsky
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Dear Michael, I think it's better to ask NSS people about it. And this patch is NOT a part of openssl yet, and will not become soon. On Thu, Jul 4, 2019 at 6:42 AM Michael Casadevall <michael@casadevall.pro> wrote:
Solid work! Getting x.509 certificates works for EAI is a huge step forward.
I looked at the patch and it seems relatively clean although I haven't compiled it locally yet. Is there a timeframe for implementing this in Mozilla's NSS so Thunderbird can take advantage of S/MIME certificates for EAIs?
Michael
On 7/3/19 1:54 PM, Dmitry Belyavsky wrote:
Hi all,
Coordination Center for TLD .RU/.РФ is happy to announce a draft implementation of RFC 8398 "Internationalized Email Addresses in X.509 Certificates" for OpenSSL: https://cctld.ru/en/news/news_detail.php?ID=21240
The implementation and some test examples are available for download here: https://cctld.ru/files/books/EAI.pdf (in Russian)
Direct links:
Draft implementation - https://cctld.ru/files/eai/rfc8398.diff Test examples - https://cctld.ru/files/eai/root.tar.gz Instructions - https://cctld.ru/files/eai/README.8398
The implementation covers the following cases: - Displaying the EAI in X.509 certificates - Verifying NameConstraints in X.509 certificate chains of trust - Matching EAIs in X.509 with provided EAI.
Feel free to test the patch and send feedback to pr@cctld.ru <mailto:pr@cctld.ru> or to me directly.
-- SY, Dmitry Belyavsky
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- SY, Dmitry Belyavsky
Thank you Dmitry for sharing this. It is a huge step forward. Excellent work. Thanks Ajay On July 3, 2019 11:24:18 PM GMT+05:30, Dmitry Belyavsky <beldmit@gmail.com> wrote:
Hi all,
Coordination Center for TLD .RU/.РФ is happy to announce a draft implementation of RFC 8398 "Internationalized Email Addresses in X.509 Certificates" for OpenSSL: https://cctld.ru/en/news/news_detail.php?ID=21240
The implementation and some test examples are available for download here: https://cctld.ru/files/books/EAI.pdf (in Russian)
Direct links:
Draft implementation - https://cctld.ru/files/eai/rfc8398.diff Test examples - https://cctld.ru/files/eai/root.tar.gz Instructions - https://cctld.ru/files/eai/README.8398
The implementation covers the following cases: - Displaying the EAI in X.509 certificates - Verifying NameConstraints in X.509 certificate chains of trust - Matching EAIs in X.509 with provided EAI.
Feel free to test the patch and send feedback to pr@cctld.ru or to me directly.
-- SY, Dmitry Belyavsky
-- Sent from my Android device with XGenPlus.
Dear colleagues, I'm happy to let you know that the support of RFC 8398 "Internationalized Email Addresses in X.509 Certificates" is just committed to the OpenSSL master branch. This support will go public in OpenSSL 3.0 (hopefully later this year). The work was originally done with the support of CCTLD RU/РФ. Special thanks to Maria Kolesnikova! On Wed, Jul 3, 2019 at 8:54 PM Dmitry Belyavsky <beldmit@gmail.com> wrote:
Hi all,
Coordination Center for TLD .RU/.РФ is happy to announce a draft implementation of RFC 8398 "Internationalized Email Addresses in X.509 Certificates" for OpenSSL: https://cctld.ru/en/news/news_detail.php?ID=21240
The implementation and some test examples are available for download here: https://cctld.ru/files/books/EAI.pdf (in Russian)
Direct links:
Draft implementation - https://cctld.ru/files/eai/rfc8398.diff Test examples - https://cctld.ru/files/eai/root.tar.gz Instructions - https://cctld.ru/files/eai/README.8398
The implementation covers the following cases: - Displaying the EAI in X.509 certificates - Verifying NameConstraints in X.509 certificate chains of trust - Matching EAIs in X.509 with provided EAI.
Feel free to test the patch and send feedback to pr@cctld.ru or to me directly.
-- SY, Dmitry Belyavsky
-- SY, Dmitry Belyavsky
Great news! Thanks. Jiankang Yao From: Dmitry Belyavsky Date: 2020-08-26 20:09 To: ua-discuss; Mark Svancarek (CELA) via UA-EAI Subject: Re: [UA-discuss] RFC 8398 "Internationalized Email Addresses in X.509 Certificates" implementation Dear colleagues, I'm happy to let you know that the support of RFC 8398 "Internationalized Email Addresses in X.509 Certificates" is just committed to the OpenSSL master branch. This support will go public in OpenSSL 3.0 (hopefully later this year). The work was originally done with the support of CCTLD RU/РФ. Special thanks to Maria Kolesnikova! On Wed, Jul 3, 2019 at 8:54 PM Dmitry Belyavsky <beldmit@gmail.com> wrote: Hi all, Coordination Center for TLD .RU/.РФ is happy to announce a draft implementation of RFC 8398 "Internationalized Email Addresses in X.509 Certificates" for OpenSSL: https://cctld.ru/en/news/news_detail.php?ID=21240 The implementation and some test examples are available for download here: https://cctld.ru/files/books/EAI.pdf (in Russian) Direct links: Draft implementation - https://cctld.ru/files/eai/rfc8398.diff Test examples - https://cctld.ru/files/eai/root.tar.gz Instructions - https://cctld.ru/files/eai/README.8398 The implementation covers the following cases: - Displaying the EAI in X.509 certificates - Verifying NameConstraints in X.509 certificate chains of trust - Matching EAIs in X.509 with provided EAI. Feel free to test the patch and send feedback to pr@cctld.ru or to me directly. -- SY, Dmitry Belyavsky -- SY, Dmitry Belyavsky
Thanks for this news. Well done to Maria and the CCTLD RU/РФ. Any progress, by the way, with Yandex providing support for EAI? Google, MSFT & Apple now all EAI Phase 1 Ready – and CoreMail and XgenPlus EAI Phase 2 Ready. From: UA-discuss <ua-discuss-bounces@icann.org> On Behalf Of Jiankang Yao Sent: Thursday, 27 August 2020 3:23 PM To: Dmitry Belyavsky <beldmit@gmail.com>; ua-discuss <ua-discuss@icann.org>; ua-eai@icann.org Subject: Re: [UA-discuss] RFC 8398 "Internationalized Email Addresses in X.509 Certificates" implementation Great news! Thanks. _____ Jiankang Yao From: Dmitry Belyavsky <mailto:beldmit@gmail.com> Date: 2020-08-26 20:09 To: ua-discuss <mailto:ua-discuss@icann.org> ; Mark Svancarek (CELA) via UA-EAI <mailto:ua-eai@icann.org> Subject: Re: [UA-discuss] RFC 8398 "Internationalized Email Addresses in X.509 Certificates" implementation Dear colleagues, I'm happy to let you know that the support of RFC 8398 "Internationalized Email Addresses in X.509 Certificates" is just committed to the OpenSSL master branch. This support will go public in OpenSSL 3.0 (hopefully later this year). The work was originally done with the support of CCTLD RU/РФ. Special thanks to Maria Kolesnikova! On Wed, Jul 3, 2019 at 8:54 PM Dmitry Belyavsky <beldmit@gmail.com <mailto:beldmit@gmail.com> > wrote: Hi all, Coordination Center for TLD .RU/.РФ is happy to announce a draft implementation of RFC 8398 "Internationalized Email Addresses in X.509 Certificates" for OpenSSL: https://cctld.ru/en/news/news_detail.php?ID=21240 The implementation and some test examples are available for download here: https://cctld.ru/files/books/EAI.pdf (in Russian) Direct links: Draft implementation - https://cctld.ru/files/eai/rfc8398.diff Test examples - https://cctld.ru/files/eai/root.tar.gz Instructions - https://cctld.ru/files/eai/README.8398 The implementation covers the following cases: - Displaying the EAI in X.509 certificates - Verifying NameConstraints in X.509 certificate chains of trust - Matching EAIs in X.509 with provided EAI. Feel free to test the patch and send feedback to pr@cctld.ru <mailto:pr@cctld.ru> or to me directly. -- SY, Dmitry Belyavsky -- SY, Dmitry Belyavsky
Congratulations to .ru/.рф for achieving this milestone! With kind regards, satish On Thu, Aug 27, 2020 at 12:54 PM Don Hollander <don.hollander@gmail.com> wrote:
Thanks for this news. Well done to Maria and the CCTLD RU/РФ.
Any progress, by the way, with Yandex providing support for EAI? Google, MSFT & Apple now all EAI Phase 1 Ready – and CoreMail and XgenPlus EAI Phase 2 Ready.
*From:* UA-discuss <ua-discuss-bounces@icann.org> *On Behalf Of *Jiankang Yao *Sent:* Thursday, 27 August 2020 3:23 PM *To:* Dmitry Belyavsky <beldmit@gmail.com>; ua-discuss < ua-discuss@icann.org>; ua-eai@icann.org *Subject:* Re: [UA-discuss] RFC 8398 "Internationalized Email Addresses in X.509 Certificates" implementation
Great news!
Thanks.
------------------------------
Jiankang Yao
*From:* Dmitry Belyavsky <beldmit@gmail.com>
*Date:* 2020-08-26 20:09
*To:* ua-discuss <ua-discuss@icann.org>; Mark Svancarek (CELA) via UA-EAI <ua-eai@icann.org>
*Subject:* Re: [UA-discuss] RFC 8398 "Internationalized Email Addresses in X.509 Certificates" implementation
Dear colleagues,
I'm happy to let you know that the support of RFC 8398 "Internationalized Email Addresses in X.509 Certificates" is just committed to the OpenSSL master branch. This support will go public in OpenSSL 3.0 (hopefully later this year).
The work was originally done with the support of CCTLD RU/РФ. Special thanks to Maria Kolesnikova!
On Wed, Jul 3, 2019 at 8:54 PM Dmitry Belyavsky <beldmit@gmail.com> wrote:
Hi all,
Coordination Center for TLD .RU/.РФ is happy to announce a draft implementation of RFC 8398 "Internationalized Email Addresses in X.509 Certificates" for OpenSSL: https://cctld.ru/en/news/news_detail.php?ID=21240
The implementation and some test examples are available for download here: https://cctld.ru/files/books/EAI.pdf (in Russian)
Direct links:
Draft implementation - https://cctld.ru/files/eai/rfc8398.diff Test examples - https://cctld.ru/files/eai/root.tar.gz Instructions - https://cctld.ru/files/eai/README.8398
The implementation covers the following cases: - Displaying the EAI in X.509 certificates - Verifying NameConstraints in X.509 certificate chains of trust - Matching EAIs in X.509 with provided EAI.
Feel free to test the patch and send feedback to pr@cctld.ru or to me directly.
--
SY, Dmitry Belyavsky
--
SY, Dmitry Belyavsky _______________________________________________ UA-discuss mailing list UA-discuss@icann.org https://mm.icann.org/mailman/listinfo/ua-discuss _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Thank you, Don!As for Yandex, they allow to create mailboxes with IDNs but still ASCII only in the local part. Cheers,Maria KolesnikovaОтправлено со смартфона Samsung Galaxy. -------- Исходное сообщение --------От: Don Hollander <don.hollander@gmail.com> Дата: 27.08.2020 10:24 (GMT+03:00) Кому: 'yaojk' <yaojk@cnnic.cn>, 'Dmitry Belyavsky' <beldmit@gmail.com>, 'ua-discuss' <ua-discuss@icann.org>, ua-eai@icann.org Тема: Re: [UA-discuss] RFC 8398 "Internationalized Email Addresses in X.509 Certificates" implementation Thanks for this news. Well done to Maria and the CCTLD RU/РФ. Any progress, by the way, with Yandex providing support for EAI? Google, MSFT & Apple now all EAI Phase 1 Ready – and CoreMail and XgenPlus EAI Phase 2 Ready. From: UA-discuss <ua-discuss-bounces@icann.org> On Behalf Of Jiankang YaoSent: Thursday, 27 August 2020 3:23 PMTo: Dmitry Belyavsky <beldmit@gmail.com>; ua-discuss <ua-discuss@icann.org>; ua-eai@icann.orgSubject: Re: [UA-discuss] RFC 8398 "Internationalized Email Addresses in X.509 Certificates" implementation Great news!Thanks. Jiankang Yao From: Dmitry BelyavskyDate: 2020-08-26 20:09To: ua-discuss; Mark Svancarek (CELA) via UA-EAISubject: Re: [UA-discuss] RFC 8398 "Internationalized Email Addresses in X.509 Certificates" implementationDear colleagues, I'm happy to let you know that the support of RFC 8398 "Internationalized Email Addresses in X.509 Certificates" is just committed to the OpenSSL master branch. This support will go public in OpenSSL 3.0 (hopefully later this year).The work was originally done with the support of CCTLD RU/РФ. Special thanks to Maria Kolesnikova! On Wed, Jul 3, 2019 at 8:54 PM Dmitry Belyavsky <beldmit@gmail.com> wrote:Hi all,Coordination Center for TLD .RU/.РФ is happy to announce a draft implementation of RFC 8398 "Internationalized Email Addresses in X.509 Certificates" for OpenSSL: https://cctld.ru/en/news/news_detail.php?ID=21240The implementation and some test examples are available for download here: https://cctld.ru/files/books/EAI.pdf (in Russian)Direct links:Draft implementation - https://cctld.ru/files/eai/rfc8398.diffTest examples - https://cctld.ru/files/eai/root.tar.gzInstructions - https://cctld.ru/files/eai/README.8398The implementation covers the following cases:- Displaying the EAI in X.509 certificates- Verifying NameConstraints in X.509 certificate chains of trust- Matching EAIs in X.509 with provided EAI.Feel free to test the patch and send feedback to pr@cctld.ru or to me directly. -- SY, Dmitry Belyavsky -- SY, Dmitry Belyavsky
Thanks. And has anyone followed up with TenCent? And have any of Coremail's CUSTOMERS turned on EAI? D From: Maria Kolesnikova <masha@cctld.ru> Sent: Thursday, 27 August 2020 9:08 PM To: don@I2.org.nz; 'yaojk' <yaojk@cnnic.cn>; 'Dmitry Belyavsky' <beldmit@gmail.com>; 'ua-discuss' <ua-discuss@icann.org>; ua-eai@icann.org Subject: Re: [UA-discuss] RFC 8398 "Internationalized Email Addresses in X.509 Certificates" implementation Thank you, Don! As for Yandex, they allow to create mailboxes with IDNs but still ASCII only in the local part. Cheers, Maria Kolesnikova Отправлено со смартфона Samsung Galaxy. -------- Исходное сообщение -------- От: Don Hollander <don.hollander@gmail.com <mailto:don.hollander@gmail.com> > Дата: 27.08.2020 10:24 (GMT+03:00) Кому: 'yaojk' <yaojk@cnnic.cn <mailto:yaojk@cnnic.cn> >, 'Dmitry Belyavsky' <beldmit@gmail.com <mailto:beldmit@gmail.com> >, 'ua-discuss' <ua-discuss@icann.org <mailto:ua-discuss@icann.org> >, ua-eai@icann.org <mailto:ua-eai@icann.org> Тема: Re: [UA-discuss] RFC 8398 "Internationalized Email Addresses in X.509 Certificates" implementation Thanks for this news. Well done to Maria and the CCTLD RU/РФ. Any progress, by the way, with Yandex providing support for EAI? Google, MSFT & Apple now all EAI Phase 1 Ready – and CoreMail and XgenPlus EAI Phase 2 Ready. From: UA-discuss <ua-discuss-bounces@icann.org <mailto:ua-discuss-bounces@icann.org> > On Behalf Of Jiankang Yao Sent: Thursday, 27 August 2020 3:23 PM To: Dmitry Belyavsky <beldmit@gmail.com <mailto:beldmit@gmail.com> >; ua-discuss <ua-discuss@icann.org <mailto:ua-discuss@icann.org> >; ua-eai@icann.org <mailto:ua-eai@icann.org> Subject: Re: [UA-discuss] RFC 8398 "Internationalized Email Addresses in X.509 Certificates" implementation Great news! Thanks. _____ Jiankang Yao From: Dmitry Belyavsky <mailto:beldmit@gmail.com> Date: 2020-08-26 20:09 To: ua-discuss <mailto:ua-discuss@icann.org> ; Mark Svancarek (CELA) via UA-EAI <mailto:ua-eai@icann.org> Subject: Re: [UA-discuss] RFC 8398 "Internationalized Email Addresses in X.509 Certificates" implementation Dear colleagues, I'm happy to let you know that the support of RFC 8398 "Internationalized Email Addresses in X.509 Certificates" is just committed to the OpenSSL master branch. This support will go public in OpenSSL 3.0 (hopefully later this year). The work was originally done with the support of CCTLD RU/РФ. Special thanks to Maria Kolesnikova! On Wed, Jul 3, 2019 at 8:54 PM Dmitry Belyavsky <beldmit@gmail.com <mailto:beldmit@gmail.com> > wrote: Hi all, Coordination Center for TLD .RU/.РФ is happy to announce a draft implementation of RFC 8398 "Internationalized Email Addresses in X.509 Certificates" for OpenSSL: https://cctld.ru/en/news/news_detail.php?ID=21240 The implementation and some test examples are available for download here: https://cctld.ru/files/books/EAI.pdf (in Russian) Direct links: Draft implementation - https://cctld.ru/files/eai/rfc8398.diff Test examples - https://cctld.ru/files/eai/root.tar.gz Instructions - https://cctld.ru/files/eai/README.8398 The implementation covers the following cases: - Displaying the EAI in X.509 certificates - Verifying NameConstraints in X.509 certificate chains of trust - Matching EAIs in X.509 with provided EAI. Feel free to test the patch and send feedback to pr@cctld.ru <mailto:pr@cctld.ru> or to me directly. -- SY, Dmitry Belyavsky -- SY, Dmitry Belyavsky
participants (8)
-
Dmitry Belyavsky -
Don Hollander -
Dr. Ajay Data -
Jiankang Yao -
Maria Kolesnikova -
Michael Casadevall -
Mike Hemp -
Satish Babu