IETF Logo Mail Archive

[idn] Re: stability

Simon Josefsson <jas@extundo.com> Wed, 16 March 2005 09:44 UTC

Received: from psg.com (mailnull@psg.com [147.28.0.62]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA26765 for <idn-archive@lists.ietf.org>; Wed, 16 Mar 2005 04:44:39 -0500 (EST)
Received: from majordom by psg.com with local (Exim 4.44 (FreeBSD)) id 1DBUzD-000DPC-9N for idn-data@psg.com; Wed, 16 Mar 2005 09:38:43 +0000
Received: from [217.13.230.178] (helo=yxa.extundo.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.44 (FreeBSD)) id 1DBUz9-000DO9-I0 for idn@ops.ietf.org; Wed, 16 Mar 2005 09:38:39 +0000
Received: from latte.josefsson.org (c494102a.s-bi.bostream.se [217.215.27.65]) (authenticated bits=0) by yxa.extundo.com (8.13.3/8.13.3/Debian-6) with ESMTP id j2G9cQuD012260 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 16 Mar 2005 10:38:27 +0100
From: Simon Josefsson <jas@extundo.com>
To: Erik van der Poel <erik@vanderpoel.org>
Cc: Mark Davis <mark.davis@jtcsv.com>, idn@ops.ietf.org, "Martin v. Löwis" <martin@v.loewis.de>
Subject: [idn] Re: stability
References: <421B8484.3070802@vanderpoel.org> <p06210208be4390618c81@[192.168.0.101]> <421E0D0C.2000309@vanderpoel.org> <p06210202be43c3888991@[192.168.0.101]> <E07CE813AD23B2D95DA0C740@scan.jck.com> <421E30F2.1040408@vanderpoel.org> <0E7F74C71945B923C52211F3@scan.jck.com> <421EA0C9.1010500@vanderpoel.org> <00a401c51af3$7863aae0$030aa8c0@DEWELL> <A574CA1BE87BFDA3C2A1AC0E@scan.jck.com> <42322CE2.4040509@vanderpoel.org> <4232B2FD.1080104@vanderpoel.org> <4232BA56.5090001@vanderpoel.org> <iluk6odazwb.fsf@latte.josefsson.org> <00e801c528a8$99ad37d0$72703009@sanjose.ibm.com> <ilull8qb5n5.fsf@latte.josefsson.org> <42367B63.6080300@vanderpoel.org> <4237450A.9010901@v.loewis.de> <423754F3.50405@vanderpoel.org> <ilumzt47ezc.fsf@latte.josefsson.org> <423782F0.60604@vanderpoel.org>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
Blog: http://www.livejournal.com/users/jas4711/
X-Hashcash: 1:21:050316:idn@ops.ietf.org::14bTs80xYZ5b2w79:02qO
X-Hashcash: 1:21:050316:erik@vanderpoel.org::1nIs4MtuKENPXf/9:1ja5
X-Hashcash: 1:21:050316:mark.davis@jtcsv.com::b8CXp4biopxGYKjT:THmu
X-Hashcash: 1:21:050316:martin@v.loewis.de::l7crShAZG5nRt9H5:S63c
Date: Wed, 16 Mar 2005 10:38:07 +0100
In-Reply-To: <423782F0.60604@vanderpoel.org> (Erik van der Poel's message of "Tue, 15 Mar 2005 16:50:56 -0800")
Message-ID: <ilu7jk86idc.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Virus-Scanned: ClamAV version 0.81, clamav-milter version 0.81b on yxa.extundo.com
X-Virus-Status: Clean
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on psg.com
X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.0.1
Sender: owner-idn@ops.ietf.org
Precedence: bulk

Erik van der Poel <erik@vanderpoel.org> writes:

>> I think it may be too late to do a simple flag day and fix things.
>
> Why? Do you believe that there may already be domain labels involving 
> the relevant types of strange character sequences?

No, but I also don't think that should be the metric.  I believe the
RFCs are clear that Unicode 3.2, without the NFKC fix, is what is to
be used today...

> If we don't fix the specs and the implementations, then we may end up 
> with interoperability problems in the future if some strange sequences 
> start to appear or new characters are added to Unicode. PRI #29 already 
> indicates that VeriSign's implementation does not need a change, while 
> idnkit does. I believe Mozilla uses idnkit.
>
> http://www.unicode.org/review/pr-29.html

...so you can't just "fix" the implementations.  If you do, they are
not complying with the RFC's.  If VeriSign implement PR-29, I believe
it doesn't conform to the RFC's.

I think the "needs change" statements on the PR29 page are misleading,
and based on UTC's subjective position on the matter.

See the second mail in the following section for my response:

http://www.gnu.org/software/libidn/manual/libidn.html#PR29-discussion

The issue should be handled in an update of the StringPrep.  If the
PR-29 fix is incorporated, there must a good transition discussion in
the document.  The problem cannot only be discussed in the realm of
IDNA, since StringPrep is used for other purposes as well.  For me,
the most important use is SASLprep, because it is used to prepare
username and passwords.  Hence, it is used in security critical
application, where the requirements are different than from IDNA.  The
discussion must be wider than for only IDNA.

Thanks,
Simon

v2.23.0 | Report a Bug | By Email