Re: [Idna-update] emoji and security

Andrew Sullivan <ajs@anvilwalrusden.com> Wed, 14 March 2018 01:18 UTC

Date: Tue, 13 Mar 2018 21:18:13 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: idna-update@ietf.org
Message-ID: <20180314011813.2vhpqle3bt726tbb@mx4.yitter.info>
References: <533bb471-da9b-64d0-76aa-a8a1251d256b@ix.netcom.com> <DM5PR1901MB219712F39A6297F9A147312DA2D30@DM5PR1901MB2197.namprd19.prod.outlook.com> <20180313202505.ztersmy2z5xuxlvp@mx4.yitter.info> <DM5PR1901MB2197A704B3233E5236EB703AA2D20@DM5PR1901MB2197.namprd19.prod.outlook.com> <ac2e51de-a9ad-c8ee-96b0-5b50a0e225c4@ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ac2e51de-a9ad-c8ee-96b0-5b50a0e225c4@ix.netcom.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/idna-update/z11ZoDBptHiFCtsRa1t49SFoNuc>
Subject: Re: [Idna-update] emoji and security

On Tue, Mar 13, 2018 at 05:09:29PM -0700, Asmus Freytag wrote:

> It would have been easy to restrict IDNA 2008 to modern scripts only

Easy for _whom_?  The IETF just does not have that expertise, which
was something we had demonstrated pretty nicely using IDNA2003.  What
the IETF needed was a way of avoiding the problem of evaluating
particular code points, and so the Unicode properties were the path.

> However, many non-modern scripts are really not suitable for general
> identifiers: there's not a body of working expertise on where the problems
> are with them. It's arguable that they should (have been) kept out of second
> level domains altogether, because nobody who includes them in a registry can
> be said to have done so understanding the consequences, therefore implicitly
> violating the prescription in RFC 5891.

But the IETF does not have, and does not want, authority to "keep them
out".  That's a policy question, and one rather far from the IETF's
area of expertise.  Indeed, that division of labour is precisely why
the IANA root zone registry policy is set by someone other than the
IETF, which sets the policies for IANA protocol parameter registries.

> similar-looking code points), it's bordering on the absurd to stop all work
> on updating IDNA 2008 over the case of a single Arabic addition that isn't
> even an exact homoglyph

But that is not, as I think you know perfectly well, why in the past
the IAB asked for additional work and a pause.  The IAB made that
request because it was necessary to do a bunch of work to understand
the issues and attempt to get a grasp on what the overall implications
are.  I think that was a good idea, because proceeding as one ever did
without understanding how one was wrong in one's assumptions is pretty
foolish.  I think there has been considerable work done in the
meantime, and it might well be that conditions have changed (I am not
the IAB, so I can't speak about that).

Best regards,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com