IETF Logo Mail Archive

[art] Re: [Last-Call] Re: [SPICE] Re: Re: draft-ietf-spice-glue-id-04 ietf last call Artart review

John C Klensin <john-ietf@jck.com> Thu, 12 February 2026 21:53 UTC

Return-Path: <john-ietf@jck.com>
X-Original-To: art@mail2.ietf.org
Delivered-To: art@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 71393B6899E7; Thu, 12 Feb 2026 13:53:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id blsMNZSA0Vbq; Thu, 12 Feb 2026 13:53:00 -0800 (PST)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) by mail2.ietf.org (Postfix) with ESMTP id AFB27B689884; Thu, 12 Feb 2026 13:52:39 -0800 (PST)
Received: from [198.252.137.10] (helo=PSB) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1vqebx-000OwO-18; Thu, 12 Feb 2026 16:52:33 -0500
Date: Thu, 12 Feb 2026 16:52:27 -0500
From: John C Klensin <john-ietf@jck.com>
To: Rohan Mahy <rohan.mahy@gmail.com>, Patrik Fältström <paf@paftech.se>
Message-ID: <8EDB82ABFD21D1AA4A774242@PSB>
In-Reply-To: <CAKoiRua9S+70bstKRBpGxnibhQA+W2LbpKVrHrpaZ+cBbVV8bQ@mail.gmail.com>
References: <CAP5QTG5-hGWm1_u7CZTJW5H56LxXecoKbk3viBfBPdoDOxozhA@mail. gmail.com> <CAHBU6itnZa3VDE=_zWsMeDJ8CuieWvdyzvQS51BhcPqG8Fz07Q@mail.gmail.com> <CAKoiRubs9ZUO=kbvOgvgruaqiBusyvv_BqO0_kkah2SokjRcmw@mail.gmail.com> <4C4C41E0-9D36-4A10-AEE4-D94C8B319485@paftech.se> <CAKoiRub+QYyMFE=jMTvNc+FDn-YFiBdM7jC5da64HyvmXyx3Dg@mail.gmail.com> <62A41349908B128EDD6AA331@PSB> <794B84A2-9042-4B7A-815B-42AE37DF336F@paftech.se> <CAKoiRua9S+70bstKRBpGxnibhQA+W2LbpKVrHrpaZ+cBbVV8bQ@mail.gmail.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Message-ID-Hash: 7FPJBVAXQKDCDEMNGPY7OPOXFW4TB3TH
X-Message-ID-Hash: 7FPJBVAXQKDCDEMNGPY7OPOXFW4TB3TH
X-MailFrom: john-ietf@jck.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-art.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Tim Bray <tbray@textuality.com>, Brent Zundel <brent.zundel=40yubico.com@dmarc.ietf.org>, art@ietf.org, draft-ietf-spice-glue-id.all@ietf.org, last-call@ietf.org, spice@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [art] Re: [Last-Call] Re: [SPICE] Re: Re: draft-ietf-spice-glue-id-04 ietf last call Artart review
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/nRNixxxzIMwYWFq_Ftl-4ZP_yFQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Owner: <mailto:art-owner@ietf.org>
List-Post: <mailto:art@ietf.org>
List-Subscribe: <mailto:art-join@ietf.org>
List-Unsubscribe: <mailto:art-leave@ietf.org>

Rohan,

I think your comment illustrates where I (and probably Patrik)
disagree with your messages on this subject.  But first, I believe
that, by now, the IETF should be carefully examining every new
identifier system that is intended for worldwide use to determine
whether the characters used by writing systems developed outside
western Europe are needed or whether it is appropriate to stick with
ASCII (or even a restricted subset of ASCII).  Up to that point, I
think all three of us probably agree.  Borrowing a bit from a
non-IETF discussions earlier today, if the decision going to remain
"ASCII only" I even believe the I-D should be required to include an
explanation of that decision and that it is time for the IESG to
start forcing "Internationalization Considerations" on all
identifier-defining documents even if all those sections say is "We
decided to stick with ASCII because anything else is too much
trouble".

However, I think that what Patrik and I are saying in different ways
is that, if you start by specifying syntax, rather than having the WG
understand the issues involved, including the decisions that need to
be made, and having at least preliminary draft text to deal with
them, you just specify syntax, you invite a world of pain and hurt.
That is especially important since there may be interactions between
substantive choices and optimal choices of encoding systems (and
hence syntax).   Even if you say "just do what RFC 3987 IRIs do",
that raises other issues, starting with whether that is really the
best spec to cite for (if I understand the intent of the SPICE work
correctly) in the definition of a URN namespace.  So I am suggesting
that the order of events/ consideration should be:

(1) Decide whether non-ASCII identifiers are going to be allowed.  If
not, preferentially explain why and incorporate the explanation in
the document.  If so...
(2) Sort through the issues associated with such identifiers,
starting with the ones raised by the comparison problem Patrik
mentioned in his latest note but then moving on to other restrictions
(and options) about strings, characters (or code points) to be
allowed, and so on.  The documents I mentioned are a good starting
point to help identify issues and provide some choices.  There has
extensive work in W3C that might provide next-step suggestions or
even a different starting point.   Only when those issues, and the
decisions they imply, are agreed upon and documented in a least
preliminary form,...
(3) Consider options for syntax and, as needed, encoding rules.

While I share Patrik's very strong preference that you not go off and
try to invent something new -- there is enough confusion in this
space already and every new option just adds to the confusion and
increased complexity -- there are multiple options at each of those
steps and more than one might be plausible.  If one starts with
syntax, it will tend to preclude decisions that might have been the
right one.

And, unfortunately, Patrik and I both have scars from attempts to do
this in other ways, including "syntax first, rules and semantics
later" approaches.  So do many others around the IETF.   Let's not
make that mistake again.

   john




--On Thursday, February 12, 2026 17:30 +0100 Rohan Mahy
<rohan.mahy@gmail.com> wrote:

> Hi Patrik,
> I am aware that there is plenty more work to be done if we wish to
> go down this path, but without a concrete BNF example, very few
> people were going to understand the flexibility and complexity of
> choosing this path. If we decide we want to do this, I am happy to
> help with the rest. thanks,
> -rohan
> 
> On Thu, 12 Feb 2026, 16:43 Patrik Fältström, <paf@paftech.se>
> wrote:
> 
>> I have now looked at the change in the BNF, and as John I would
>> say that "that is not good enough". For a change like that to be a
>> solution, arguments are needed why that solves all issues with
>> "equality" between two strings. This regarding comparison, display
>> and sorting.
>> 
>> In short and different words than what John wrote, two unicode
>> strings behave completely different than two ascii strings.
>> 
>> See for example this blog post of mine from July 31, 2008: <
>> https://paftech.se/notes/683/>
>> 
>> My suggestion is because of this to first decide whether these
>> identifiers REALLY need to handle wider charset than ASCII. If
>> that is the case, then look at the various already in the IETF
>> (and elsewhere) created solutions to the very complicated problem
>> that John refer to. Choose one of them, and do not invent
>> something yourself.
>> 
>> And, explain in plain text what "the same" or "equality" means
>> (and not) for two identifiers that might have different content in
>> the form of zeroes and ones, but should be treated as equal for
>> example when being displayed (for phishing situations for example).
>> 
>> Patrik
>> 
>> On 12 Feb 2026, at 16:19, John C Klensin wrote:
>> 
>> > These issues have been (IMO minimally) addressed in RFC 9839,
>> > more
>> extensively (especially for identifiers) in the PRECIS documents
>> (Cf.
>> > at least RFCs 8264-8266), and, as Patrik points out, for domain
>> > names in
>> the IDNA2008 documents (starting with RFCs 5890-5894 and updates
>> to them). Or, if you don't like IETF specs, at least look at
>>  Unicode UAX #31.
>> > 
>> > It may be that none of those exactly meet your needs but,
>> > especially if
>> they don't, experience suggests that you need more specification
>> than "just allow the code points in encoded form" and/or fairly
>> extensive treatment of the issue in the document's Security
>> > Considerations.
>> > 
>> > Procedurally, if any of these changes are to be made, it is
>> > entirely
>> inappropriate to introduce them into the document and approve them
>> as part of, or after, this Last Call -- the document needs to go
>> back to the WG for discussion (and understanding) of the issues
>> and tradeoffs involved with the motivation for the documents
>> mentioned above as one starting point.
>>

v2.39.1 | Report a Bug | By Email | System Status