Re: [I18nrp] Conservatism principle doesn't go far enough

"Asmus Freytag (c)" <asmusf@ix.netcom.com> Mon, 04 February 2019 02:52 UTC

To: Nico Williams <nico@cryptonector.com>
Cc: i18nrp@ietf.org
From: "Asmus Freytag (c)" <asmusf@ix.netcom.com>
Date: Sun, 03 Feb 2019 18:52:38 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/i18nrp/gwFEeu1jZfUq-JTKZk8wLSY61sw>
Subject: Re: [I18nrp] Conservatism principle doesn't go far enough

On 2/3/2019 3:48 PM, Nico Williams wrote:
> On Sat, Feb 02, 2019 at 11:52:45PM -0800, Asmus Freytag wrote:
>> On 2/2/2019 8:01 PM, Larry Masinter wrote:
>>> But I think this is counter-productive and wrong. If you're showing someone
>>> a URL which is not in normal form, normalization will lose this critical
>>> information. Better to just display the punycode for any unnormalized
>>> domains.
>> I'm missing something here. What "critical" information (other than the
>> normalization state) is it that gets lost?
> There's a confusable issue, isn't there?  If you show me a URI which if
> I were to type in would take me elsewhere...  That is an important bit
> of information.

I see this issue in case mapping, but can't come up with a normalization 
example.
Hence my question.


>   If DNS servers just had had to implement normalization-
> insensitive matching, that wouldn't be a problem at all, but obviously
> we couldn't get DNS servers to do anything other than ASCII case
> insensitivity.


The user doesn't care what's on the server. The user cares what's 
displayed in the URL / address bar.

>
> Whether the punycoded name is displayed, or perhaps U-labels are
> displayed but in some fashion as to make the danger clear (in a loud red
> font, say, modulo accessibility), is another story.  I think I'd prefer
> to see the Unicode and some danger warning, or perhaps hide the URI and
> when I try to see it tell me it's dangerous and why.

Still like to see the specific scenario you guys are thinking about.
>
>> There are some scripts where ordinary text is most likely not normalized and
> Ordinary text, as in prose from some document, yes, but security-
> relevant identifiers generally need to be normalized.
Right, but that means they are not normalized when typed as a URL into HTML 
source or into an address field on a form.
>
>> where it's also not necessarily trivial for users to enter normalized text.
>> Should all of those URLs get displayed as punycode?
> Users cannot be expected to enter normalized text, naturally (how could
> they?).  Normalization has to be a software function, and a non-
> negotiable part of the interface; somewhere, security-relevant
> identifiers must be normalized.
No disagreement here. However, the question was, should all strings that 
are entered by users as unnormalized be displayed as A-labels?
>
> Again, in some systems one could just use normalization-insensitive
> matching, but DNS cannot be such a system, therefore for DNS we must
> normalize on create.

No disagreement here; we were talking about how to "display" something - 
that's not a function of the DNS.

A./

>
> Nico
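
An added example, not part of the original message or of any participant's code: it shows why the thread agrees that DNS must "normalize on create". Two canonically equivalent spellings of one label render identically but yield different A-labels unless software applies NFC before Punycode encoding. The sample label and the helper names are constructed for illustration, and only the normalization step of IDNA processing is modelled.

```python
import unicodedata

ACE_PREFIX = "xn--"

def to_a_label(label: str, normalize: bool) -> str:
    """Punycode-encode a single label, optionally applying NFC first.

    Only the normalization step is modelled; real IDNA processing also
    checks permitted code points, bidi and contextual rules.
    """
    if normalize:
        label = unicodedata.normalize("NFC", label)
    if label.isascii():
        return label
    return ACE_PREFIX + label.encode("punycode").decode("ascii")

def inspect_label(label: str) -> dict:
    """Report what a registry or browser would need to know about a label."""
    return {
        "code_points": [f"U+{ord(c):04X}" for c in label],
        "is_nfc": unicodedata.normalize("NFC", label) == label,
        "a_label_as_typed": to_a_label(label, normalize=False),
        "a_label_normalized": to_a_label(label, normalize=True),
    }

def same_name_after_normalization(a: str, b: str) -> bool:
    """True when two inputs map to the same A-label once NFC is applied."""
    return to_a_label(a, True) == to_a_label(b, True)

# Constructed sample: the same visible label typed two ways.
COMPOSED = "caf\u00e9"      # e-acute as one precomposed code point (NFC)
DECOMPOSED = "cafe\u0301"   # 'e' followed by combining acute accent (NFD)

if __name__ == "__main__":
    for name, label in (("composed", COMPOSED), ("decomposed", DECOMPOSED)):
        print(name, inspect_label(label))
    print("same after NFC:", same_name_after_normalization(COMPOSED, DECOMPOSED))
```

Because DNS matches the encoded bytes, the two as-typed A-labels would be distinct names; applying NFC in software before lookup or registration is what collapses them to one.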