Re: [Idna-update] emoji and security

Michel Suignard <michel@suignard.com> Mon, 12 March 2018 18:21 UTC

From: Michel Suignard <michel@suignard.com>
To: Asmus Freytag <asmusf@ix.netcom.com>, "idna-update@ietf.org" <idna-update@ietf.org>
Thread-Topic: [Idna-update] emoji and security
Thread-Index: AQHTuiH036Wme2wFFkaQ526XY0gPJqPM5Etw
Date: Mon, 12 Mar 2018 18:21:25 +0000
Message-ID: <DM5PR1901MB219712F39A6297F9A147312DA2D30@DM5PR1901MB2197.namprd19.prod.outlook.com>
References: <533bb471-da9b-64d0-76aa-a8a1251d256b@ix.netcom.com>
In-Reply-To: <533bb471-da9b-64d0-76aa-a8a1251d256b@ix.netcom.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idna-update/Cc1vhhqcbQbpMXZxmiO8PcjOlvg>
Subject: Re: [Idna-update] emoji and security
List-Id: "Internationalized Domain Names in Applications \(IDNA\) implementation and update discussions" <idna-update.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idna-update/>

PS: the reason I forwarded this is that many people find something
familiar and accessible about emoji and will not understand why there
should be more security concerns about them than about a bunch
of bewilderingly similar and complex Chinese ideographs or a bunch
of "dawn-of-time-emoji" aka Hieroglyphics, both of which are PVALID.
I could not resist commenting on this, because unlike emoji, Egyptian Hieroglyphs, while often looking like colorful pictures, are the expression of a fully formed writing system with ideograms and phonograms and all the usual attributes of such a system in terms of sentence structure. Jokingly I have sometimes said that doom would be near if people realized that you could mix emoji with hieroglyphs and end up with a fully formed writing system.

Jokes aside, the hundreds of Egyptian hieroglyphs contain hundreds of semantic and phonetic variants and are totally unsuited for any identifier usage, yet are still fully IDNA2008 PVALID (unless of course you limit the scope using variant sets). And to make matters worse, there is a plan to add a few thousand more to cover the Ptolemaic era (which would all become PVALID as well if the synchronization is re-enabled). At the same time, we are quite careful not to encode hieroglyph homoglyphs (still, most people would not know the difference). (Saying 'we' because I am the author of one of these extension proposals.)

Finally, I share many of Asmus’s considerations on the status of IDNA and lack of synchronization with Unicode (we are both on the ICANN Integration Panel, so we do a lot of LGR work together). I am currently at ICANN 61 with some decent free time and willing to do something to make progress.

Best

Michel

From: IDNA-UPDATE <idna-update-bounces@ietf.org> On Behalf Of Asmus Freytag
Sent: Monday, March 12, 2018 9:48 AM
To: idna-update@ietf.org
Subject: [Idna-update] emoji and security


All,

there's a general consensus that emoji and secure IDNs do not go together.

This is clearly not something that's taken for granted by others.

Read down a few messages in this thread on the Unicode list:

https://www.unicode.org/mail-arch/unicode-ml/y2018-m03/0075.html

to find the suggestion of translating security hash codes into strings
of emoji, ostensibly for easier verification:

"So that makes
me wonder which one would be quicker for a human to verify on average?
Also, which one is more accurate for a human to verify? I have no idea. For
accuracy, it seems like a lot of thought was put into the visual uniqueness
of Unicode emojis. "

Discuss.

A./

PS: the reason I forwarded this is that many people find something
familiar and accessible about emoji and will not understand why there
should be more security concerns about them than about a bunch
of bewilderingly similar and complex Chinese ideographs or a bunch
of "dawn-of-time-emoji" aka Hieroglyphics, both of which are PVALID.
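Added example (not part of the thread above, and not code from either author): the PVALID distinction both messages lean on can be checked per code point with nothing but Python's unicodedata. The function below approximates the RFC 5892 derivation (Exceptions, Unassigned, LDH, JoinControl, Unstable, IgnorableProperties, IgnorableBlocks, OldHangulJamo, LetterDigits, else DISALLOWED). It is an approximation: Default_Ignorable_Code_Point is not exposed by unicodedata, so whitespace and the C* categories stand in for it, the BackwardCompatible set is taken as empty, and the label-level helpers apply no Bidi, hyphen or CONTEXTJ/CONTEXTO rules. The sample labels at the bottom are constructed for the demo. It shows why a CJK or Egyptian Hieroglyph label comes out PVALID (category Lo) while any emoji, being a symbol (So) or held together with ZWJ, is rejected.

```python
import unicodedata

# Explicit per-code-point exceptions, RFC 5892 section 2.6 (as published).
EXCEPTIONS = {
    **{cp: "PVALID" for cp in (0x00DF, 0x03C2, 0x06FD, 0x06FE, 0x0F0B, 0x3007)},
    **{cp: "CONTEXTO" for cp in (0x00B7, 0x0375, 0x05F3, 0x05F4, 0x30FB,
                                  *range(0x0660, 0x066A), *range(0x06F0, 0x06FA))},
    **{cp: "DISALLOWED" for cp in (0x0640, 0x07FA, 0x302E, 0x302F,
                                    *range(0x3031, 0x3036), 0x303B)},
}
LDH = set("abcdefghijklmnopqrstuvwxyz0123456789-")
JOIN_CONTROL = {0x200C, 0x200D}
LETTER_DIGITS = {"Ll", "Lu", "Lo", "Nd", "Lm", "Mn", "Mc"}
# IgnorableBlocks (2.8) and OldHangulJamo (2.9) ranges from RFC 5892.
DISALLOWED_RANGES = [(0x20D0, 0x20FF), (0x1D100, 0x1D1FF), (0x1D200, 0x1D24F),
                     (0x1100, 0x11FF), (0xA960, 0xA97F), (0xD7B0, 0xD7FF)]


def derived_property(ch: str) -> str:
    """Approximate RFC 5892 derived property of a single code point.

    Rules are applied in the order the RFC gives them; the first match wins.
    """
    cp = ord(ch)
    cat = unicodedata.category(ch)
    if cp in EXCEPTIONS:
        return EXCEPTIONS[cp]
    if cat == "Cn":
        return "UNASSIGNED"
    if ch in LDH:
        return "PVALID"
    if cp in JOIN_CONTROL:
        return "CONTEXTJ"
    # Unstable: not invariant under NFKC -> casefold -> NFKC (e.g. uppercase).
    if unicodedata.normalize("NFKC", unicodedata.normalize("NFKC", ch).casefold()) != ch:
        return "DISALLOWED"
    # IgnorableProperties, approximated (assumption: unicodedata has no
    # Default_Ignorable_Code_Point, so whitespace and C* categories stand in).
    if ch.isspace() or cat in {"Cc", "Cf", "Cs", "Co"}:
        return "DISALLOWED"
    if any(lo <= cp <= hi for lo, hi in DISALLOWED_RANGES):
        return "DISALLOWED"
    if cat in LETTER_DIGITS:
        return "PVALID"
    # Symbols (So/Sm/Sk), punctuation, etc. end here: this is where emoji land.
    return "DISALLOWED"


def non_pvalid_in(label: str) -> list:
    """Code points that keep a label out of IDNA2008 at the code-point level.

    CONTEXTJ/CONTEXTO are reported too, since this helper applies no
    contextual rules; Bidi and hyphen rules are likewise not applied.
    """
    return [f"U+{ord(ch):04X} {unicodedata.name(ch, '<unnamed>')} -> {derived_property(ch)}"
            for ch in label if derived_property(ch) != "PVALID"]


def is_pvalid_label(label: str) -> bool:
    """True if every code point of a non-empty label is PVALID."""
    return bool(label) and not non_pvalid_in(label)


if __name__ == "__main__":
    # Constructed sample labels: CJK, two Egyptian Hieroglyphs, and an
    # emoji ZWJ sequence (MAN + ZWJ + PERSONAL COMPUTER).
    for label in ("\u4e2d\u6587", "\U00013000\U00013001", "\U0001F468\u200d\U0001F4BB"):
        print(repr(label), is_pvalid_label(label), non_pvalid_in(label))
```

Run it to see the hieroglyph label pass on the same footing as the CJK one, while the emoji sequence fails on all three code points (two So symbols plus the ZWJ, which is CONTEXTJ rather than PVALID). The full IANA derived-property table should be used in anything production-facing; the point here is only that emoji are excluded by the derivation itself, whereas hieroglyphs are letters to Unicode and so pass.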