
Re: [idn] impacted systems investigation



Mark Andrews said:
> UTF8 does not require a server upgrade

D. J. Bernstein answered:
> Right. But Patrik and Paul claim the opposite. This claim is, in fact,
> the centerpiece of the IDNA ``design philosophy.''

Not so.  We all know the servers can handle 8-bit domain names.  What
the servers can't tell, however, is whether some 8-bit string is UTF-8
or some local encoding, and that presents a security problem.  To use
UTF-8 at the server, the protocol would need to be updated so that a
client could affirmatively declare, "I'm IDN-aware, and thus my
request is using UTF-8, not some other local encoding."
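
The ambiguity described in the reply above, as an added example that is not part of the original message: the same two bytes are a valid label in UTF-8, KOI8-R and ISO-8859-1, and each reading is a different name. The function names, the set of candidate encodings, the sample labels and the `declared_utf8` flag (a stand-in for the affirmative declaration the message calls for) are all assumptions made for this illustration.

```python
# Added illustration: names, sample labels and the candidate list are constructed.
CANDIDATES = ("utf-8", "koi8-r", "iso-8859-1")  # assumed mix of client encodings


def wire_bytes(name: str, client_encoding: str) -> bytes:
    """Bytes an unmodified client would put in the query for `name`."""
    return name.encode(client_encoding)


def readings(raw: bytes) -> dict:
    """Every candidate encoding under which `raw` decodes to printable text."""
    found = {}
    for enc in CANDIDATES:
        try:
            text = raw.decode(enc)
        except UnicodeDecodeError:
            continue  # not valid in this encoding, so it can be ruled out
        if text.isprintable():
            found[enc] = text
    return found


def resolve(raw: bytes, declared_utf8: bool = False):
    """Return the single name `raw` denotes, or None if the server cannot tell.

    `declared_utf8` is hypothetical: it models the "I'm IDN-aware" signal
    from the message and is not a real DNS field.
    """
    if all(b < 0x80 for b in raw):
        return raw.decode("ascii")   # plain ASCII reads the same everywhere
    if declared_utf8:
        return raw.decode("utf-8")   # raises if the bytes are not UTF-8
    names = set(readings(raw).values())
    return names.pop() if len(names) == 1 else None


if __name__ == "__main__":
    raw = wire_bytes("её", "koi8-r")         # legacy client, Russian word
    assert raw == wire_bytes("ţ", "utf-8")   # IDN-aware client, different name
    print(raw.hex(), readings(raw))
    print(resolve(raw), resolve(raw, declared_utf8=True))
```

Checking that the bytes are well-formed UTF-8 does not settle the question: `c5 a3` passes that check and is still a legitimate KOI8-R label.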