Internationalized Email Addresses in X.509 Certificates
RFC 9598
Document | Type |
RFC
- Proposed Standard
(May 2024)
Obsoletes RFC 8398
Updates RFC 5280
|
|
---|---|---|---|
Authors | Alexey Melnikov , Wei Chuang , Corey Bonnell | ||
Last updated | 2024-05-23 | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Formats | |||
Additional resources | Mailing list discussion | ||
IESG | Responsible AD | Roman Danyliw | |
Send notices to | (None) |
RFC 9598
Internet Engineering Task Force (IETF) A. Melnikov Request for Comments: 9598 Isode Ltd Obsoletes: 8398 W. Chuang Updates: 5280 Google, Inc. Category: Standards Track C. Bonnell ISSN: 2070-1721 DigiCert May 2024 Internationalized Email Addresses in X.509 Certificates Abstract This document defines a new name form for inclusion in the otherName field of an X.509 Subject Alternative Name and Issuer Alternative Name extension that allows a certificate subject to be associated with an internationalized email address. This document updates RFC 5280 and obsoletes RFC 8398. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9598. Copyright Notice Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction 2. Conventions Used in This Document 3. Name Definitions 4. IDNA2008 5. Matching of Internationalized Email Addresses in X.509 Certificates 6. Name Constraints in Path Validation 7. Security Considerations 8. Differences from RFC 8398 9. IANA Considerations 10. References 10.1. Normative References 10.2. Informative References Appendix A. ASN.1 Module Appendix B. Example of SmtpUTF8Mailbox Acknowledgments Authors' Addresses 1. Introduction [RFC5280] defines the rfc822Name subjectAltName name type for representing email addresses as described in [RFC5321]. The syntax of rfc822Name is restricted to a subset of US-ASCII characters and thus can't be used to represent internationalized email addresses [RFC6531]. This document defines a new otherName variant to represent internationalized email addresses. In addition, this document requires all email address domains in X.509 certificates to conform to IDNA2008 [RFC5890]. This document obsoletes [RFC8398]. The primary motivation of this document is to simplify the encoding of domain labels found in the domain part of internationalized email addresses. In particular, [RFC8398] specifies that domain labels are conditionally encoded using either A-labels or U-labels. This specification simplifies encoding and processing of domain labels by mandating that the A-label representation be used in all cases. 2. Conventions Used in This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 3. Name Definitions The GeneralName structure [RFC5280] supports many different name forms including otherName for extensibility. This section specifies the SmtpUTF8Mailbox name form of otherName so that internationalized email addresses can appear in the subjectAltName of a certificate, the issuerAltName of a certificate, or anywhere else that GeneralName is used. id-on-SmtpUTF8Mailbox OBJECT IDENTIFIER ::= { id-on 9 } SmtpUTF8Mailbox ::= UTF8String (SIZE (1..MAX)) -- SmtpUTF8Mailbox conforms to Mailbox as specified -- in Section 3.3 of RFC 6531. Additionally, all domain -- labels included in the SmtpUTF8Mailbox value are -- encoded as LDH labels. In particular, domain labels -- are not encoded as U-labels and instead are encoded -- using their A-label representation. When the subjectAltName (or issuerAltName) extension contains an internationalized email address with a non-ASCII Local-part, the address MUST be stored in the SmtpUTF8Mailbox name form of otherName. The format of SmtpUTF8Mailbox is a modified version of the internationalized Mailbox that was defined in Section 3.3 of [RFC6531], which was derived from Mailbox as defined in Section 4.1.2 of [RFC5321]. [RFC6531] defines the following ABNF rules for Mailbox whose parts are modified for internationalization: Local-part, Dot- string, Quoted-string, QcontentSMTP, Domain, and Atom. In particular, Local-part was updated to also support UTF8-non-ascii. UTF8-non-ascii was described by Section 3.1 of [RFC6532]. Also, domain was extended to support U-labels, as defined in [RFC5890]. This document further refines internationalized Mailbox ABNF rules as described in [RFC6531] and calls this SmtpUTF8Mailbox. In SmtpUTF8Mailbox, labels that include non-ASCII characters MUST be stored in A-label (rather than U-label) form [RFC5890]. This restriction reduces complexity for implementations of the certification path validation algorithm defined in Section 6 of [RFC5280]. In SmtpUTF8Mailbox, domain labels that solely use ASCII characters (meaning neither A- nor U-labels) SHALL use NR-LDH restrictions as specified by Section 2.3.1 of [RFC5890]. NR-LDH stands for "Non-Reserved Letters Digits Hyphen" and is the set of LDH labels that do not have "--" characters in the third and forth character positions, which excludes "tagged domain names" such as A-labels. To facilitate octet-for-octet comparisons of SmtpUTF8Mailbox values, all NR-LDH and A-label labels that constitute the domain part SHALL only be encoded with lowercase letters. Consistent with the treatment of rfc822Name in [RFC5280], SmtpUTF8Mailbox is an envelope Mailbox and has no phrase (such as a common name) before it, has no comment (text surrounded in parentheses) after it, and is not surrounded by "<" and ">" characters. Due to name constraint compatibility reasons described in Section 6, SmtpUTF8Mailbox subjectAltName MUST NOT be used unless the Local-part of the email address contains non-ASCII characters. When the Local- part is ASCII, rfc822Name subjectAltName MUST be used instead of SmtpUTF8Mailbox. This is compatible with legacy software that supports only rfc822Name (and not SmtpUTF8Mailbox). The appropriate usage of rfc822Name and SmtpUTF8Mailbox is summarized in Table 1 below. SmtpUTF8Mailbox is encoded as UTF8String. The UTF8String encoding MUST NOT contain a Byte Order Mark (BOM) [RFC3629] to aid consistency across implementations, particularly for comparison. +=================+=================+ | Local-part char | subjectAltName | +=================+=================+ | ASCII-only | rfc822Name | +-----------------+-----------------+ | non-ASCII | SmtpUTF8Mailbox | +-----------------+-----------------+ Table 1: Email Address Formatting Non-ASCII Local-part values may additionally include ASCII characters. 4. IDNA2008 To facilitate comparison between email addresses, all email address domains in X.509 certificates MUST conform to IDNA2008 [RFC5890] (and avoid any "mappings" mentioned in that document). Use of non- conforming email address domains introduces the possibility of conversion errors between alternate forms. This applies to SmtpUTF8Mailbox and rfc822Name in subjectAltName, issuerAltName, and anywhere else that these are used. 5. Matching of Internationalized Email Addresses in X.509 Certificates Equivalence comparisons with SmtpUTF8Mailbox consist of a domain part step and a Local-part step. The comparison form for Local-parts is always UTF-8. The comparison form for domain parts is always performed with the LDH label ([RFC5890]) encoding of the relevant domain labels. The comparison of LDH labels in domain parts reduces complexity for implementations of the certification path validation algorithm as defined in Section 6 of [RFC5280] by obviating the need to convert domain labels to their Unicode representation. Comparison of two SmtpUTF8Mailboxes is straightforward with no setup work needed. They are considered equivalent if there is an exact octet-for-octet match. Comparison of an SmtpUTF8Mailbox and rfc822Name will always fail. SmtpUTF8Mailbox values SHALL contain a Local-part that includes one or more non-ASCII characters, while rfc822Names only includes ASCII characters (including the Local-part). Thus, an SmtpUTF8Mailbox and rfc822Name will never match. Comparison of SmtpUTF8Mailbox values with internationalized email addresses from other sources (such as received email messages, user input, etc.) requires additional setup steps for domain part and Local-part. The initial preparation for the email address to compare with the SmtpUTF8Mailbox value is to remove any phrases, comments, and "<" or ">" characters. For the setup of the domain part, the following conversions SHALL be performed: 1. Convert all labels that constitute the domain part that include non-ASCII characters to A-labels, if not already in that form. a. Detect all U-labels present within the domain part using Section 5.1 of [RFC5891]. b. Transform all detected U-labels (Unicode) to A-labels (ASCII) as specified in Section 5.5 of [RFC5891]. 2. Convert all uppercase letters found within the NR-LDH and A-label labels that constitute the domain part to lowercase letters. For the setup of the Local-part, the Local-part MUST be verified to conform to the requirements of [RFC6530] and [RFC6531], including being a string in UTF-8 form. In particular, the Local- part MUST NOT be transformed in any way, such as by doing case folding or normalization of any kind. The Local-part of an internationalized email address is already in UTF-8. Once setup is complete, they are again compared octet for octet. To summarize non-normatively, the comparison steps, including setup, are: 1. If the domain contains U-labels, transform them to A-labels. 2. If any NR-LDH or A-label domain label in the domain part contains uppercase letters, lowercase them. 3. Compare strings octet for octet for equivalence. This specification expressly does not define any wildcard characters, and SmtpUTF8Mailbox comparison implementations MUST NOT interpret any characters as wildcards. Instead, to specify multiple email addresses through SmtpUTF8Mailbox, the certificate MUST use multiple subjectAltNames or issuerAltNames to explicitly carry any additional email addresses. 6. Name Constraints in Path Validation This section updates Section 4.2.1.10 of [RFC5280] to extend rfc822Name name constraints to SmtpUTF8Mailbox subjectAltNames. SmtpUTF8Mailbox-aware path validators will apply name constraint comparison to the subject distinguished name and both forms of subject alternative names, rfc822Name and SmtpUTF8Mailbox. Both rfc822Name and SmtpUTF8Mailbox subject alternative names represent the same underlying email address namespace. Since legacy Certification Authorities (CAs) constrained to issue certificates for a specific set of domains would lack corresponding UTF-8 constraints, [RFC9549] updates, modifies, and extends rfc822Name name constraints defined in [RFC5280] to cover SmtpUTF8Mailbox subject alternative names. This ensures that the introduction of SmtpUTF8Mailbox does not violate existing name constraints. Since it is not valid to include non-ASCII UTF-8 characters in the Local-part of rfc822Name name constraints, and since name constraints that include a Local- part are rarely, if at all, used in practice, name constraints updated in [RFC9549] allow the forms that represent all addresses at a host, or all mailboxes in a domain and deprecates rfc822Name name constraints that represent a particular mailbox. That is, rfc822Name constraints with a Local-part SHOULD NOT be used. Constraint comparison with SmtpUTF8Mailbox subjectAltName starts with the setup steps defined in Section 5. Setup converts the inputs of the comparison (which is one of a subject distinguished name, an rfc822Name, or an SmtpUTF8Mailbox subjectAltName, and one of an rfc822Name name constraint) to constraint comparison form. For both the name constraint and the subject, this will convert all A-labels and NR-LDH labels to lowercase. Strip the Local-part and "@" separator from each rfc822Name and SmtpUTF8Mailbox, which leaves just the domain part. After setup, follow the comparison steps defined in Section 4.2.1.10 of [RFC5280] as follows. If the resulting name constraint domain starts with a "." character, then for the name constraint to match, a suffix of the resulting subject alternative name domain MUST match the name constraint (including the leading ".") octet for octet. If the resulting name constraint domain does not start with a "." character, then for the name constraint to match, the entire resulting subject alternative name domain MUST match the name constraint octet for octet. Certificate Authorities that wish to issue CA certificates with email address name constraints MUST use rfc822Name subject alternative names only. These MUST be IDNA2008-conformant names with no mappings and with non-ASCII domains encoded in A-labels only. The name constraint requirement with an SmtpUTF8Mailbox subject alternative name is illustrated in the non-normative diagram in Figure 1. The first example (1) illustrates a permitted rfc822Name ASCII-only host name name constraint and the corresponding valid rfc822Name subjectAltName and SmtpUTF8Mailbox subjectAltName email addresses. The second example (2) illustrates a permitted rfc822Name host name name constraint with an A-label, and the corresponding valid rfc822Name subjectAltName and SmtpUTF8Mailbox subjectAltName email addresses. Note that an email address with an ASCII-only Local-part is encoded as rfc822Name despite also having Unicode present in the domain. +-------------------------------------------------------------------+ | Root CA Cert | +-------------------------------------------------------------------+ | v +-------------------------------------------------------------------+ | Intermediate CA Cert | | Permitted | | rfc822Name: elementary.school.example.com (1) | | | | rfc822Name: xn--pss25c.example.com (2) | | | +-------------------------------------------------------------------+ | v +-------------------------------------------------------------------+ | Entity Cert (w/explicitly permitted subjects) | | SubjectAltName Extension | | rfc822Name: student@elementary.school.example.com (1) | | SmtpUTF8Mailbox: u+5B66u+751F@elementary.school.example.com | | (1) | | | | rfc822Name: student@xn--pss25c.example.com (2) | | SmtpUTF8Mailbox: u+533Bu+751F@xn--pss25c.example.com (2) | | | +-------------------------------------------------------------------+ Figure 1: Name Constraints with SmtpUTF8Name and rfc822Name 7. Security Considerations Use of SmtpUTF8Mailbox for certificate subjectAltName (and issuerAltName) will incur many of the same security considerations described in Section 8 of [RFC5280], but it introduces a new issue by permitting non-ASCII characters in the email address Local-part. This issue, as mentioned in Section 4.4 of [RFC5890] and in Section 4 of [RFC6532], is that use of Unicode introduces the risk of visually similar and identical characters that can be exploited to deceive the recipient. The former document references some means to mitigate against these attacks. See [WEBER] for more background on security issues with Unicode. Additionally, it is possible to encode a string of Unicode user- perceived characters in multiple ways. While various Unicode normalization forms exist, [RFC6531] does not mandate the use of any such forms for the encoding of the Local-part. Thus, it may be possible to encode a Local-part value in multiple ways. To mitigate against attacks where different encodings are used by the mail system and the Certification Authority issues certificates containing SmtpUTF8Mailbox values, this specification requires an octet-for- octet comparison of the Local-part. However, requiring the use of binary comparison may raise interoperability concerns where the mail system employs one encoding and the Certification Authority employs another. 8. Differences from RFC 8398 This document obsoletes [RFC8398]. There are three major changes defined in this specification: 1. In all cases, domain labels in mail addresses SHALL be encoded as LDH labels. In particular, domain names SHALL NOT be encoded using U-Labels; instead, use A-Labels. 2. To accommodate the first change listed above, the mail address matching algorithm defined in Section 5 of [RFC8398] has been modified to only accept domain labels that are encoded using their A-label representation. 3. Additionally, the procedure to process rfc822Name name constraints as defined in Section 6 of [RFC8398] has been modified to only accept domain labels that are encoded using their A-label representation. 9. IANA Considerations IANA has updated the reference for the id-mod-lamps-eai- addresses-2016 module in the "SMI Security for PKIX Module Identifier" (1.3.6.1.5.5.7.0) registry to refer to this document instead of [RFC8398]. IANA has updated the reference for the SmtpUTF8Mailbox otherName in the "SMI Security for PKIX Other Name Forms" (1.3.6.1.5.5.7.8) registry to refer to this document instead of [RFC8398]. 10. References 10.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November 2003, <https://www.rfc-editor.org/info/rfc3629>. [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, <https://www.rfc-editor.org/info/rfc5280>. [RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, DOI 10.17487/RFC5321, October 2008, <https://www.rfc-editor.org/info/rfc5321>. [RFC5890] Klensin, J., "Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework", RFC 5890, DOI 10.17487/RFC5890, August 2010, <https://www.rfc-editor.org/info/rfc5890>. [RFC5891] Klensin, J., "Internationalized Domain Names in Applications (IDNA): Protocol", RFC 5891, DOI 10.17487/RFC5891, August 2010, <https://www.rfc-editor.org/info/rfc5891>. [RFC6530] Klensin, J. and Y. Ko, "Overview and Framework for Internationalized Email", RFC 6530, DOI 10.17487/RFC6530, February 2012, <https://www.rfc-editor.org/info/rfc6530>. [RFC6531] Yao, J. and W. Mao, "SMTP Extension for Internationalized Email", RFC 6531, DOI 10.17487/RFC6531, February 2012, <https://www.rfc-editor.org/info/rfc6531>. [RFC6532] Yang, A., Steele, S., and N. Freed, "Internationalized Email Headers", RFC 6532, DOI 10.17487/RFC6532, February 2012, <https://www.rfc-editor.org/info/rfc6532>. [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>. [RFC8398] Melnikov, A., Ed. and W. Chuang, Ed., "Internationalized Email Addresses in X.509 Certificates", RFC 8398, DOI 10.17487/RFC8398, May 2018, <https://www.rfc-editor.org/info/rfc8398>. [RFC9549] Housley, R., "Internationalization Updates to RFC 5280", RFC 9549, DOI 10.17487/RFC9549, March 2024, <https://www.rfc-editor.org/info/rfc9549>. 10.2. Informative References [RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, DOI 10.17487/RFC5912, June 2010, <https://www.rfc-editor.org/info/rfc5912>. [WEBER] Weber, C., "Unraveling Unicode: A Bag of Tricks for Bug Hunting", July 2009, <https://www.lookout.net/files/ Chris_Weber_Character%20Transformations%20v1.7_IUC33.pdf>. Appendix A. ASN.1 Module The following ASN.1 module normatively specifies the SmtpUTF8Mailbox structure. This specification uses the ASN.1 definitions from [RFC5912] with the 2002 ASN.1 notation used in that document. [RFC5912] updates normative documents using older ASN.1 notation. LAMPS-EaiAddresses-2016 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-lamps-eai-addresses-2016(92) } DEFINITIONS IMPLICIT TAGS ::= BEGIN IMPORTS OTHER-NAME FROM PKIX1Implicit-2009 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59) } id-pkix FROM PKIX1Explicit-2009 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) } ; -- -- otherName carries additional name types for subjectAltName, -- issuerAltName, and other uses of GeneralNames. -- id-on OBJECT IDENTIFIER ::= { id-pkix 8 } SmtpUtf8OtherNames OTHER-NAME ::= { on-SmtpUTF8Mailbox, ... } on-SmtpUTF8Mailbox OTHER-NAME ::= { SmtpUTF8Mailbox IDENTIFIED BY id-on-SmtpUTF8Mailbox } id-on-SmtpUTF8Mailbox OBJECT IDENTIFIER ::= { id-on 9 } SmtpUTF8Mailbox ::= UTF8String (SIZE (1..MAX)) -- SmtpUTF8Mailbox conforms to Mailbox as specified -- in Section 3.3 of RFC 6531. Additionally, all domain -- labels included in the SmtpUTF8Mailbox value are -- encoded as LDH Labels. In particular, domain labels -- are not encoded as U-Labels and instead are encoded -- using their A-label representation. END Appendix B. Example of SmtpUTF8Mailbox This non-normative example demonstrates using SmtpUTF8Mailbox as an otherName in GeneralName to encode the email address "u+533Bu+751F@xn--pss25c.example.com". The hexadecimal DER encoding of the block is: a02b0608 2b060105 05070809 a01f0c1d e58cbbe7 949f4078 6e2d2d70 73733235 632e6578 616d706c 652e636f 6d The text decoding is: 0 43: [0] { 2 8: OBJECT IDENTIFIER '1 3 6 1 5 5 7 8 9' 12 31: [0] { 14 29: UTF8String 'u+533Bu+751F@xn--pss25c.example.com' : } : } The example was encoded using Google's "der-ascii" program and the above text decoding is an output of Peter Gutmann's "dumpasn1" program. Acknowledgments The authors thank David Benjamin for providing the motivation for this document. Additionally, the authors thank Éric Vyncke, John Levine, Peter van Dijk, Rich Salz, Russ Housley, and Tim Hollebeek for their reviews and feedback, which meaningfully improved the document. The authors also recognize and appreciate the following individuals for their contributions to [RFC8398]: | Thank you to Magnus Nystrom for motivating this document. Thanks | to Russ Housley, Nicolas Lidzborski, Laetitia Baudoin, Ryan | Sleevi, Sean Leonard, Sean Turner, John Levine, and Patrik | Falstrom for their feedback. Also special thanks to John Klensin | for his valuable input on internationalization, Unicode, and ABNF | formatting; to Jim Schaad for his help with the ASN.1 example and | his helpful feedback; and especially to Viktor Dukhovni for | helping us with name constraints and his many detailed document | reviews. Authors' Addresses Alexey Melnikov Isode Ltd 14 Castle Mews Hampton, Middlesex TW12 2NP United Kingdom Email: Alexey.Melnikov@isode.com Wei Chuang Google, Inc. 1600 Amphitheater Parkway Mountain View, CA United States of America Email: weihaw@google.com Corey Bonnell DigiCert Pittsburgh, PA United States of America Email: corey.bonnell@digicert.com