Re: [Idna-update] Last Call: <draft-klensin-idna-rfc5891bis-04.txt> (Internationalized Domain Names in Applications (IDNA): Registry Restrictions and Recommendations) to Proposed Standard

"John R Levine" <johnl@taugh.com> Tue, 06 August 2019 15:32 UTC

Date: 6 Aug 2019 11:32:26 -0400
Message-ID: <alpine.OSX.2.21.9999.1908061028360.18609@ary.qy>
From: "John R Levine" <johnl@taugh.com>
To: "John C Klensin" <john-ietf@jck.com>
Cc: "IETF general list" <ietf@ietf.org>, idna-update@ietf.org, i18ndir@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/idna-update/6t1mR_XcnjTuV5B5XuUCJgK9wCY>

On Tue, 6 Aug 2019, John C Klensin wrote:
>> Section 4 on "For-Profit Domains" contrasts normal zones which
>> have names that are of use to the zone's owner, and commercial
>> zones where more names mean more money ...

> I am also concerned that getting this perfectly (or even nearly
> so) right would require much more text and that more text would
> reduce the number of readers.

I agree that shorter is better. How about observing that names that don't
follow conservative rules are often treated as risky by applications such
as web and mail, which take countermeasures such as showing them as
A-labels and making links not clickable. You can use this M3AAWG BCP as a
reference:

https://www.m3aawg.org/sites/default/files/m3aawg-unicode-best-practices-2016-02.pdf

If we can figure out some way to say this concisely, security systems 
aggregate data and a TLD with a lot of risky names is likely to be treated 
as risky overall.


>> Section 5.1 updates RFC 5890 section 4.2 to say in part "A 63
>> octet A-label cannot represent more than 58 Unicode code
>> points ..." ...
>
> Thought about doing something like that, but (i) there is
> --quite deliberately and after discussion in the WG-- no UTF-8
> dependency or requirement in the IDNA specs.

Ah, never noted that.  So mostly never mind, although I still prefer 
"up to 58 code points" rather than "limited to 58 code points" to
make it less likely that people will leap to wrong conclusions.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

PS:
> There is also another audience.  As you know from other contexts, I
> believe the whole domain names market is looking more and more like
> a house of cards and that, sooner or later, there will be incidents,
> probably ones in which someone is harmed, ...

I agree it's a house of cards, but I think it's likely to implode
mostly silently.  There have now been 52 vanity TLDs whose owners have
handed them back to ICANN, who has shut them all down since they were
all empty.  There's one dead non-vanity TLD, the bizarrely managed
and tiny .web, which is now frozen in EBERO.  I expect that we'll see
more frozen corpses, but with few enough names overall that nobody
will care.