Re: [apps-discuss] CONTEXTJ in TLD DNS-Labels (draft-liman-tld-names-05)

"Martin J. Dürst" <duerst@it.aoyama.ac.jp> Thu, 21 July 2011 01:25 UTC

On 2011/07/21 2:41, Behnam Esfahbod wrote:

> 4. And finally, as I mentioned in the other thread (sharing with
> VIP-Arabic team), there are many more possible security risks using
> only PVALID Arabic characters.  So, why do you start with CONTEXTO
> (ZWNJ and ZWJ) and stop right there?
> 4.1. If this RFC is required to make sure TLD labels are secure "all
> the way", there is still a lot of work to be done and we should extend
> it to cross-script issues (like the case for .py) as well.
> 4.2. If we agree that it is not possible to take care of all the
> security risks of the characters of all major scripts/languages in
> some RFCs, why is ZWNJ different from the other characters?

I fully agree with Behnam here. Disallowing ZWNJ is just scratching the 
surface of the actual problem, but on the other hand is damaging in 
cases where the character is needed. Pretending to solve a problem by 
finding a scapegoat is never a good solution.

Regards,   Martin.