IETF Logo Mail Archive

Re: [I18nrp] Additional input needed for i18nRP BOF

Larry Masinter <LMM@acm.org> Fri, 08 June 2018 23:43 UTC

Return-Path: <masinter@gmail.com>
X-Original-To: i18nrp@ietfa.amsl.com
Delivered-To: i18nrp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6B9D130DE0 for <i18nrp@ietfa.amsl.com>; Fri, 8 Jun 2018 16:43:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.392
X-Spam-Level:
X-Spam-Status: No, score=-1.392 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0gyhiSUL2_bc for <i18nrp@ietfa.amsl.com>; Fri, 8 Jun 2018 16:43:16 -0700 (PDT)
Received: from mail-pl0-x229.google.com (mail-pl0-x229.google.com [IPv6:2607:f8b0:400e:c01::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51B0A130DC0 for <i18nrp@ietf.org>; Fri, 8 Jun 2018 16:43:16 -0700 (PDT)
Received: by mail-pl0-x229.google.com with SMTP id a7-v6so6618732plp.3 for <i18nrp@ietf.org>; Fri, 08 Jun 2018 16:43:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:references:in-reply-to:subject:date:message-id :mime-version:thread-index:content-language; bh=cwxeC/UjPB6rj1/SvzKTfwAdj3wtK7gvv8yWeMONOVo=; b=ZpftxEq06xLZFxJcqSAC71mtJfVqOA2ATpT5gJNfHl0slRYmH9tF/1hW/PZ2U23a7K yH/UB1IGQhrLAqwGTXuhaMOlsNIs0dyLlDzGD+ffRVsaesFN9MM0/qgeD7bLtYZ6vpvU cycGRT5TYyPDfgX95AowoPJc9t22KwTFfx+8wDH1LXo2jxVfMHigbxMYwvNTCgKrIEX2 1ayiKMdlmEwG7tgmN/+YI9Eq/iXsXsfcg3r86bkfjN16fFcRIOEC3YOOyw6asvRvYPOJ uV3+5qvIqUvHACnvkSK5IHKp2uHySx28+mx7mhlFtm28C7BJyfUp17Ck/vQgfX3IeyJM xa+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:references:in-reply-to:subject :date:message-id:mime-version:thread-index:content-language; bh=cwxeC/UjPB6rj1/SvzKTfwAdj3wtK7gvv8yWeMONOVo=; b=t/JIPArIU6SmJgLKG3imAzTlRj5Rb5y5bFIpKcLqKAI/csNh9USHJ4/vHEqC8Iom4L NYDWaOqSNSAf+O5VK4S0cA05MFFqW7TjkhIx/ORtrGiD6lfqs0gOh3S2XONuIZ3oB51j A2zxYtqc1YHiMmgRHVkpS0HVWs84VaNoUx43BZUENQiHdTfY5To+buqn+UFwiVcmA2rB Rp3MjQr/OX5EvYy0Ftc4T3VRZ4Gk304+nwio55Qi1SdZ407AMD6NWr9R5dED1jLM1dvO Sd2Uiflfk4kES1qhTU87ZxvPlRXuJkQwUWLi6NQ/PzXorxpVJPcybf7QbX+LJMWlVDoU bgnA==
X-Gm-Message-State: APt69E1kr+4OGsQ57/7HG2DOdOEota5r78qJr8+DG6zT5W1gHSEwUC+m a9FjrvYOMFxPqjxOyg4Sn7a+M514
X-Google-Smtp-Source: ADUXVKIWmwo2k+eL7bjrNN4O3sCcIiSzCn8MAgB9CzjKgSsfvTux42DcnrJ9gT0i7/ucAA6nnvP17A==
X-Received: by 2002:a17:902:7d09:: with SMTP id z9-v6mr8479681pll.233.1528501395839; Fri, 08 Jun 2018 16:43:15 -0700 (PDT)
Received: from TVPC (c-24-6-174-39.hsd1.ca.comcast.net. [24.6.174.39]) by smtp.gmail.com with ESMTPSA id q19-v6sm9551490pff.9.2018.06.08.16.43.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 08 Jun 2018 16:43:14 -0700 (PDT)
Sender: Larry Masinter <masinter@gmail.com>
From: Larry Masinter <LMM@acm.org>
X-Google-Original-From: "Larry Masinter" <lmm@acm.org>
To: "'Adam Roach'" <adam@nostrum.com>, "'John C Klensin'" <john-ietf@jck.com>, <i18nrp@ietf.org>
References: <f997170c-3062-0241-e58d-7a3415fba983@nostrum.com> <CE6F76BB323F1555D6B217A5@PSB> <013f01d3ff5c$4aa68ee0$dff3aca0$@acm.org> <8f595761-129a-f1ab-9346-0e09706fbdbf@nostrum.com>
In-Reply-To: <8f595761-129a-f1ab-9346-0e09706fbdbf@nostrum.com>
Date: Fri, 8 Jun 2018 16:43:14 -0700
Message-ID: <01d701d3ff82$788c7a60$69a56f20$@acm.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_01D8_01D3FF47.CC2E65B0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQI/lRMnlZ0H8fBxFRZNABPbeBrOuQIlorxJAYcnC8UBfQWsG6NWfBkQ
Content-Language: en-us
Archived-At: <https://mailarchive.ietf.org/arch/msg/i18nrp/eF7Uk_bsRgIbTJ-9V_Ya_wGJxIw>
Subject: Re: [I18nrp] Additional input needed for i18nRP BOF
X-BeenThere: i18nrp@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Internationalization Review Procedures <i18nrp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i18nrp>, <mailto:i18nrp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i18nrp/>
List-Post: <mailto:i18nrp@ietf.org>
List-Help: <mailto:i18nrp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i18nrp>, <mailto:i18nrp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jun 2018 23:43:18 -0000

I’m trying to address what I think is a ‘process’ question:

Dealing with unintentional confusables is not something that ‘more specifications’ can address, because what makes something confusable depends on too many factors that are transient, because the people who want a name with a problem they might not be aware of won’t care about the other 99% of bad cases, they just want THEIR name. 

 

Procedurally:

 

*	Stop trying to make standards-track documents about how to normalize names. 
*	Widely available services or tools for avoiding confusable names would be handy, but they can err on the side of caution. 
*	 An informational document might be useful, perhaps starting with insightful emails on the list.

 

Dealing with malicious confusables is mainly a security issue. You don’t need to know any of the details of whether something is or isn’t confusable except to acknowledge that the there is no complete agreement on how to compare Unicode strings and agreement is unlikely in the foreseeable future. 

 

Procedurally:

 

*	Introduction of confusables is part of the attack surface that the “Security Considerations” of any protocol with i18n elements must address. No separate I18N-considerations necessary.
*	Document how current services deal with confusables and mitigate the problems (phishing, domain name poaching, etc.) in a BCP if you can get some agreement on which Current Practices are Best.

 

I’m trying to address process by suggesting things that IETF might be able to make progress on without new acquisition of expertise. 

 

Larry

 

From: Adam Roach [mailto:adam@nostrum.com] 
Sent: Friday, June 8, 2018 12:34 PM
...

 

Thanks, Larry. It's good to hear from you.

This seems like sound advice. I'll point out that we're trying to determine a *process* for addressing i18n issues rather than addressing the actual issues right now.

v2.8.7 | Report a Bug | By Email