IETF Logo Mail Archive

Re: Consensus call to include Display Strings in draft-ietf-httpbis-sfbis

"Poul-Henning Kamp" <phk@phk.freebsd.dk> Thu, 29 June 2023 09:19 UTC

Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <phk@critter.freebsd.dk>) id 1qEnod-00ETJ1-1Z for ietf-http-wg@listhub.w3.org; Thu, 29 Jun 2023 09:19:51 +0000
Received: from phk.freebsd.dk ([130.225.244.222]) by mimas.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <phk@critter.freebsd.dk>) id 1qEnob-00Gmci-Et for ietf-http-wg@w3.org; Thu, 29 Jun 2023 09:19:50 +0000
Received: from critter.freebsd.dk (unknown [192.168.55.3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by phk.freebsd.dk (Postfix) with ESMTPS id 36D8A89282; Thu, 29 Jun 2023 09:19:44 +0000 (UTC)
Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.17.1/8.16.1) with ESMTPS id 35T9JhTr008319 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Thu, 29 Jun 2023 09:19:43 GMT (envelope-from phk@critter.freebsd.dk)
Received: (from phk@localhost) by critter.freebsd.dk (8.17.1/8.16.1/Submit) id 35T9Jgus008318; Thu, 29 Jun 2023 09:19:42 GMT (envelope-from phk)
Message-Id: <202306290919.35T9Jgus008318@critter.freebsd.dk>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
cc: HTTP Working Group <ietf-http-wg@w3.org>
In-reply-to: <ZJ1ALI5LKxHb7BSV@LK-Perkele-VII2.locald>
From: Poul-Henning Kamp <phk@phk.freebsd.dk>
References: <FC5270AF-509C-4331-AE8F-1F2D51BBC5F2@apple.com> <39E3B9FB-DD37-4D22-A35E-D50DAC512C69@apple.com> <84B0BBBB-6652-4442-88DF-0E3F3FEF5CEF@mnot.net> <202306260714.35Q7E4JR068513@critter.freebsd.dk> <ZJ1ALI5LKxHb7BSV@LK-Perkele-VII2.locald>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <8316.1688030382.1@critter.freebsd.dk>
Date: Thu, 29 Jun 2023 09:19:42 +0000
Received-SPF: pass client-ip=130.225.244.222; envelope-from=phk@critter.freebsd.dk; helo=phk.freebsd.dk
X-W3C-Hub-Spam-Status: No, score=-4.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1qEnob-00Gmci-Et b6df3e6e916ccfa48bc9f4a69452b6d6
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Consensus call to include Display Strings in draft-ietf-httpbis-sfbis
Archived-At: <https://www.w3.org/mid/202306290919.35T9Jgus008318@critter.freebsd.dk>

--------
Ilari Liusvaara writes:

> 2) I think it should be specified that any direction change characters
> MUST NOT affect any text surrounding the displayed string. At least
> getting this wrong causes at most some screwed up text rendering.

There is no way to make UniCode safe, because it is anyones guess what
UniCode decides to add later.

I dont think it makes any sense for us to wade into that sump,
beyond a sternly written "Security Considerations" which says
that UniCode is by definition unsafe.

Avoiding any and all hazards related to that /at the HTTP level/, is
why I still think we should base64 encode them, instead of the mutant
percent-with-the-random-backslash-thrown-in currently proposed.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

v2.23.0 | Report a Bug | By Email