Return-Path: Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (Postfix) with ESMTP id B0CAAD34DC; Thu, 20 Mar 2014 16:43:57 -0400 (EDT) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id s2KKhvI8014452; Thu, 20 Mar 2014 16:43:57 -0400 Received: from mailhub-dmz-1.mit.edu (mailhub-dmz-1.mit.edu [18.9.21.41]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id s2KK8eBj009859 for ; Thu, 20 Mar 2014 16:08:40 -0400 Received: from dmz-mailsec-scanner-7.mit.edu (dmz-mailsec-scanner-7.mit.edu [18.7.68.36]) by mailhub-dmz-1.mit.edu (8.13.8/8.9.2) with ESMTP id s2KK7g5P017650 for ; Thu, 20 Mar 2014 16:08:40 -0400 X-Auditid: 12074424-f79e26d000000c70-cc-532b4ac69576 Authentication-Results: symauth.service.identifier; spf=pass; senderid=pass Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP id BA.00.03184.6CA4B235; Thu, 20 Mar 2014 16:08:39 -0400 (EDT) Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s2KK8cJ6020871 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Thu, 20 Mar 2014 16:08:38 -0400 Received: from blade.bos.redhat.com ([10.18.57.10]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s2KK8bD5005970 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 20 Mar 2014 16:08:37 -0400 Received: from blade.bos.redhat.com (localhost.localdomain [127.0.0.1]) by blade.bos.redhat.com (8.14.7/8.14.5) with ESMTP id s2KK8a6N024058 for ; Thu, 20 Mar 2014 16:08:36 -0400 Received: (from nalin@localhost) by blade.bos.redhat.com (8.14.7/8.14.7/Submit) id s2KK8arp024057 for krb5-bugs@mit.edu; Thu, 20 Mar 2014 16:08:36 -0400 Date: Thu, 20 Mar 2014 16:08:35 -0400 From: Nalin Dahyabhai To: krb5-bugs@mit.edu Subject: International domain names Message-ID: <20140320200835.GA22999@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Organization: Red Hat, Inc. User-Agent: Mutt/1.5.21 (2010-09-15) X-Scanned-BY: MIMEDefang 2.68 on 10.5.11.22 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrPKsWRWlGSWpSXmKPExsVysWW7jO5xL+1gg12XrSwaHh5nd2D0aDpz lDmAMYrLJiU1J7MstUjfLoErY873b4wFO5krdn/czdzA+Iypi5GTQ0LAROLf63lgNqOAt8Sb q8fZIeJiEhfurWfrYuTiEBI4wSixZuNTFghnE5PE5sdTmSGcfiaJ+183MEE4Jxkldr6fxw7h zGGU+HO8FWgABweLgKrEp1nBIHPZBDQkjrXuZgWxRQREJV7+PcYCYgsLKEus/7WKEcTmFdCX mPv9EJQtKHFy5hOwGmYBLYkb/14ygYxkFpCWWP6PA8TkBzLbFsqCVIgKqEhMObmNDeIDbYlT G7+zT2AUnoVk0Cwkg2YhDFrAyLyKUTYlt0o3NzEzpzg1Wbc4OTEvL7VI11wvN7NELzWldBMj MLSF2F1UdjA2H1I6xCjAwajEw3uRWztYiDWxrLgy9xCjJAeTkiivnytQiC8pP6UyI7E4I76o NCe1+BCjBAezkgjvNV2gHG9KYmVValE+TEqag0VJnFeeAyglkJ5YkpqdmlqQWgSTZeJgP8Qo w8GhJMEb7wlUIliUmp5akZaZU4KshhNEcIGs4QFaEwpSyFtckJhbnJkOUXSKUVFKnLfMA2QJ SCKjNA9uACwdXWKUlRLmZWRgYBDiAboA6HFU+VeM4kBPC/NagIznycwrgZv+CmgxE9Bi/qla IItLEhFSUg2MlqssCl85XxIU49QKXBJxVO1oiCvz6Tf75Us6Mh5Nby/kyrG+HHzshaaHzP8L CZ+97GIZc8LrjZk3tc730laLCdeQmVYownavMiJG6+jVQ0Y6gW8WbkzcE67KP2nX0ae2c1x3 tFldNm3682vy8+rqzkid/79XKuXkNBsuv+Gks+yHq9NT+d1KLMUZiYZazEXFiQC5/oczQgMA AA== X-Mailman-Approved-At: Thu, 20 Mar 2014 16:43:56 -0400 X-Beenthere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Sender: krb5-bugs-incoming-bounces@PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu X-RT-Original-Encoding: us-ascii Content-Length: 429 We don't seem to have any specific support for international domain names when specifying KDC names. MS-KKDCP support, being based on HTTPS, will probably require that we also start checking the name recorded in the server's certificate. RFC6125 and RFC6818 look to be decent starting points for what we should aim for there, though support for them doesn't appear all that widespread in other applications yet. Thanks, Nalin