[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[idn] Re: Document Status?



At 07:57 AM 9/4/2002 +0200, Simon Josefsson wrote:
+ The entire world doesn't use Unicode, which is where IDNA starts.
Protocol standards rarely cover 100% of all possible situations.

The result is a limitation, not a failure.  The difference is key.


+ The choice of Unicode normalization KC has been questioned.
Are you claiming that a) the behavior is not well understood, or that b) the working group did not reach rough consensus on this matter? If you are claiming anything else, then it is not a "failure".


+ Any modifications to the Unicode code charts or normalizations
  tables destroy stability of IDN.
Even I remember this issue being resolved. Efforts like these always have an issue with outside work being incorporated, and that outside work getting revised.

The IETF approach is the usual one: The specification refers to a specific version of Unicode. If Unicode gets revised, the IETF may consider adopting it. Just because there is a new version of Unicode, the old one does not stop working.


+ Unicode normalization and bidi rules interact problematically.
Please refer to the "are you claiming" response, above.  It applies here, too.

These are things I've discovered by participating here for a month or
two and I don't pretend to understand these issues.
As nearly as I can tell, you have raised issues that are not failures in the specification, but rather issues about which some people are dissatisfied. There are always people dissatisfied with a specification. That does not mean it has technical failings.

  My point of view of IDN is not to enable fancy glyphs with it; it
  is to integrate IDN securely in protocols like TLS, Kerberos,
  OpenPGP and S/MIME which uses domain names for security critical
  things.  What may be sufficient for the web browsing herd may not be
  adequate for the security conscious club.  This focus seems to have
  been neglected.
How do IDN strings involve security issues that are different from classic ASCII domain names?

In other words, rather than "neglected" I believe the issue does not exist.

d/

----------
Dave Crocker <mailto:dave@tribalwise.com>
TribalWise, Inc. <http://www.tribalwise.com>
tel +1.408.246.8253; fax +1.408.850.1850