[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] spoofing by combining diacritical marks

To: "Soobok Lee" <lsb@postel.co.kr>,"Mark Davis" <mark@macchiato.com>, <idn@ops.ietf.org>
Subject: Re: [idn] spoofing by combining diacritical marks
From: "James Seng/Personal" <James@Seng.cc>
Date: Thu, 30 Aug 2001 14:34:12 +0800

> Yes, if it is wrong, MS should fix it. But  I guess MS and other
> implementors would like to make a threshold on the max length

There is no "I guess" in a standard. It is either it is compilence to a
standard or it is not.

> Anyway,  now, most people are using  Win2k/9x . aren't they?
> Until MS finishes  fixing the rendering engine and  most people use
the
> patched one, allowing <acute><acute> in IDN label  should be postponed
> for security reasons.

And the problem is? IETF has never been bias on any platform and I dont
expect we started to change our protocol just to accomodate any platform
in particular.

> "Postpone" cannot be put into nameprep, mechanical filtering.   clear.
> "Guidelines for zone-masters", optional human filtering in
registration phase,
>  is the only feasible choice in this case.

I disagree. What makes you sure that there wouldn't be a valid reason to
use a double or triple accute?

-James Seng

Prev by Date: Re: [idn] spoofing by combining diacritical marks
Next by Date: Re: [idn] spoofing by combining diacritical marks
Prev by thread: Re: [idn] spoofing by combining diacritical marks
Next by thread: Re: [idn] spoofing by combining diacritical marks
Index(es):
- Date
- Thread