----- Original Message -----
From: "Mark Davis"
To: "IETF idn working group"
Sent: Friday, February 01, 2002 7:17 AM
Subject: Re: [idn] stringprep comment 2
> The comparison of loose vs loose should never be done, for the reasons
> you outline. That leaves
>
> a) strict vs strict
> b) strict vs loose
>
> (a) is always safe.
>
> (b) works for situations like DNS, where there is a server on one side
> storing strict keys, and queries are made on the other and may be
> loose or strict. It would work for similar situations, such as email,
> if at one end there is a server that does validation (of, in this
> case, email names).
In VCARD , P3P , MSN Passport or addressbook entry form,
by what criteria can we decide which nameprep the input email addresses
should go through : strict nameprep or loose nameprep ?
The same question is valid for the senders' email addresses
in RFC822 "From:" header values and in SMTP "MAIL FROM:" header values ,
in instant web-based FORMMAIL submissions and
in job applications forms.
In there any possibility that any IDN labels which are intended as "queries" and ever injected into the internet
from one application , become permanent/persistant identifiers
at other applications? ACE labels carry no such context during their trip through out thier life time
in the interconnected applications. How can we prevent blind trusts or misuses of "queries"?
Soobok Lee
