IETF Logo Mail Archive

Re: Possible BofF question -- I18n (was: Re: Possible OBF question -- I18n)

Nico Williams <nico@cryptonector.com> Sat, 02 June 2018 00:09 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F7A7124217; Fri, 1 Jun 2018 17:09:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BO318BGRKHGi; Fri, 1 Jun 2018 17:09:33 -0700 (PDT)
Received: from homiemail-a86.g.dreamhost.com (homie-sub4.mail.dreamhost.com [69.163.253.135]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 902C9120047; Fri, 1 Jun 2018 17:09:33 -0700 (PDT)
Received: from homiemail-a86.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a86.g.dreamhost.com (Postfix) with ESMTP id 7323E900012A; Fri, 1 Jun 2018 17:09:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=UGcWspJ3VGH3Zi SwuDOmzkQ1IM4=; b=s0SlSbzfnUYtzJl6Ch4UZpONnLaIslfX8jSsshzavfAjdq ell389tuUQr2PUgbTmk7yspNxPev94y872d6KJjmom8bAuo8M3xCnJFj56BEqV7t JahD/kegQ45j/IwUQJwsyvDovEj75A7VDr8nA17J6DoU3x6yDPBr//X5UZMXI=
Received: from localhost (unknown [12.31.71.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a86.g.dreamhost.com (Postfix) with ESMTPSA id 55A659000106; Fri, 1 Jun 2018 17:09:30 -0700 (PDT)
Date: Fri, 01 Jun 2018 19:09:23 -0500
From: Nico Williams <nico@cryptonector.com>
To: John C Klensin <john-ietf@jck.com>
Cc: IETF general list <ietf@ietf.org>, art-ads@ietf.org
Subject: Re: Possible BofF question -- I18n (was: Re: Possible OBF question -- I18n)
Message-ID: <20180602000921.GJ14446@localhost>
References: <862E5704FEE30E9EFA684961@PSB>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <862E5704FEE30E9EFA684961@PSB>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/8sW3hq-Jc5_iQ_4dLNPaj_bnHbs>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Jun 2018 00:09:36 -0000

On Fri, Jun 01, 2018 at 05:14:08PM -0400, John C Klensin wrote:
> Now a few comments on recent postings (after I went to work on
> the template).  

> * I think it would be a just dandy idea to require an "I18N
> Considerations" section in every I-D or RFC.  I see only two
> problems with it.  One is that we've had such a requirement for
> documents that do have i18n issues for 20+ years and it hasn't
> helped.  [...]

Please be specific.  What failures have we had.

> * Crypto expert mindsets -- I agree with John Levine on this.
> FWIW, a few of us have made the observation that this i18n area
> is easy to learn about for one class of people.  Not impossible

The condescension is thick in this one.

> * Mentions of UTR#46 in general I18N contexts may be close to

Finally.  900 words and this is the one specific thing, but not that
specific either:

> mentioning Hitler under Godwin's Law.  It is strictly about IDNs
> and not the general problem; its current version makes
> assumptions equivalent to domain names not needing to be treated
> as having important properties of identifiers; etc.  As I said,
> I don't think this BOF effort is about particular protocol
> issues.  However, as a non-protocol issue (and maybe the point
> John Levine was trying to make) due in no small measure to
> UTR#46 and the homebrew updates to IDNA2003 it has encouraged,
> we have a large number (perhaps dozens) of interpretations about
> what IDNA is "really" about and what the requirements "really"
> are.   That is an operational and user predictability problem, a
> security problem, etc.    
> 
> "No urgency"?  Only if one wants to see the IDN situation
> deteriorate to the point that systems that are concerned about
> privacy, malware, etc., will simply filter out all of them as a
> good tradeoff against the risks.
> 
> And, again, I see IDNs as one issue here among many, not the
> only or even the key issue.

Is this an elliptical way of alluding to confusables issues?

Can you boil things down to a small set of bullet items?

 - IDNs and confusables?

 - I18N and human rights?

   (what's that got to do with Internet protocols?  sure we have to make
   sure they internationalize, but we already knew that long before
   anyone made the connection to human rights)

 - something else?  what?

Please also list any high-profile failures of the IETF in this space.

Keep it brief out of consideration for your readers' time.

BTW, regarding IDNs and confusables, I'm going to restate my previous
position on that:

a) it _is_ possible to write code to detect confusables issues (lots of
   people are doing this; I've seen several repos in github implementing
   Unicode confusable detection)

   Of course, confusable detection is best done with UC standards (there
   is one, but is it complete?).  There is no role for the IETF in this
   one.

b) we can't make the registrars do the right thing

c) we can't make the registries make the registrars do the right thing

d) we can't make ICANN make the registries make the registrars do the
   right thing

e) we _can_ give advice to ICANN and the registries, and the advice
   should be that they make up registry-specific policies as to
   confusables, and we should make up some sample policies

f) besides giving ICANN and the registries advice, there is nothing for
   us to do here.

   It isn't possible to construct a one-size-fits-all-registries policy
   for IDNA -- the registries would reject such a thing.  Dictating such
   a policy in IDNA would be inappropriate and very unpopular -- don't
   do it.

g) the best default policy would be to construct a "canonicalized" form
   of any proposed domain and allow only one domain for each
   "canonicalized" form

   For example, "paypal" and "paypa1" could be considered equivalent in
   some policy, with "paypal" the canonical form, and only one of those
   two allowed in the given registry.  A registrant could be allowed to
   have all equivalent forms of a domain's canonical form.

   Note that such a policy can be implemented (see (a)), but also that
   the uniqueness check can only be made by the registry, therefore we
   cannot dictate this in IDNA.

Nico
--

v2.23.0 | Report a Bug | By Email