IETF Logo Mail Archive

Re: Possible BofF question -- I18n

Barry Leiba <barryleiba@computer.org> Tue, 05 June 2018 09:11 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1563130F29 for <ietf@ietfa.amsl.com>; Tue, 5 Jun 2018 02:11:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OIYh0Kdq-gzY for <ietf@ietfa.amsl.com>; Tue, 5 Jun 2018 02:11:01 -0700 (PDT)
Received: from mail-it0-x236.google.com (mail-it0-x236.google.com [IPv6:2607:f8b0:4001:c0b::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 515BC130F28 for <ietf@ietf.org>; Tue, 5 Jun 2018 02:11:01 -0700 (PDT)
Received: by mail-it0-x236.google.com with SMTP id y127-v6so12710961itd.1 for <ietf@ietf.org>; Tue, 05 Jun 2018 02:11:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=Ys7+IbwaPQBxzmyH6ZtHEPMIDJIbHYgDi2caVy3km80=; b=cs5szS8BH/Sk+KJaSszdXmTxk5bNSI9Y55B41ZZyPDc24ccgEqkNOm3gD5y/BIMddr PpuLnbpbkfXlmxeB0StIsewPE70ZF0aAB9JlE3LlUzB01ARoksOxd3FQskNKfGjhxm/F 72M39u7PYpnJwZB0N3ggGuLYbBj/G3nRBoIwMJdHH53p1aVafEi9ELMm1QYUF5eUnOed kMv5lpC+jln+8AohlE3HZIZjiF+2U/ARjhcShzJg9j/F0T+GdZhfGHmoBwmRC7+tVgal DX6JXRBrQJvHrJC/qr7GxXwvoqgTHa+Reh6Gxxe22TN/3LBTGCDsuEK2N8D+b9dcv46C 3JOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=Ys7+IbwaPQBxzmyH6ZtHEPMIDJIbHYgDi2caVy3km80=; b=HyKfIpC+DgVA2PDox6rhdRT7+/OKrGxSgfzZ+HIgdkqKGKd0J6O8DA7CKPUMMss/wq luYgWCJ4sSz+ifJdw0ZnS8Ah2xvoMbOserFZu1XkC7BK6hzKXFCP5khD9Kr1iFEloqhf LoP2E+EQORIfdgGuFpug503AHsIewYYghSGZKGCc8t58q+/f+E6rMAZmoEnGTR3f4Xm1 hgd2HrvV4ZcWnGCcKL8xZ4rOTDRWk+2lqqBNB63Hjp1pTBq4icorMZgMKtW0IqhVp+iK zlsjjD6742gxzWveSSg+YHUQUyMb71ggxn1SrfzaSmOl4RdehC0MWtsCiROjSfdqShCr PfRQ==
X-Gm-Message-State: APt69E2aVjer00SM6+oBrRaZbkJRAWTUgZLzldjaVdXUnpOkYQg4sEZ/ r4ko+Z9EZmbU40MzlX55YvGo2u0JqFrpqDj0qo4=
X-Google-Smtp-Source: ADUXVKLbaIfP8IQtLTQl/Kn42wYP72Hly2Vhb0fGuoqS0liERG+iJmp43p4zBajwLVx1V3IYCjhGWHcgDRtyvIbjxr4=
X-Received: by 2002:a24:f007:: with SMTP id s7-v6mr19060336ith.15.1528189860410; Tue, 05 Jun 2018 02:11:00 -0700 (PDT)
MIME-Version: 1.0
Sender: barryleiba@gmail.com
Received: by 2002:ac0:8ea1:0:0:0:0:0 with HTTP; Tue, 5 Jun 2018 02:10:59 -0700 (PDT)
In-Reply-To: <01e301d3fcaa$54a648e0$4001a8c0@gateway.2wire.net>
References: <383c2404-7beb-63e9-b2b2-e75fd1b174f1@mozilla.com> <20180601041949.GH14446@localhost> <A13FFF23-49BD-459D-8B5B-D3448154EEBC@frobbit.se> <20180601151053.GI14446@localhost> <2584adb9-1622-8b49-7236-ecc7dd374974@mozilla.com> <alpine.OSX.2.21.1806011219340.7621@ary.qy> <CAK3OfOgv33SJiPJ6ypo8k5hcpnjcJdRso6EXb9b12YNcdDgMUg@mail.gmail.com> <6c5d5618-74a5-dcc8-d818-89243a41f307@gmail.com> <20180603061350.GM14446@localhost> <d125f213-c096-1e93-0a6e-ffdfc55a7ac6@gmail.com> <20180605031021.GO14446@localhost> <CAC4RtVAHd37mHFv7TypVdKATtHtBNX0pEszbn+ke5RMh-oExMA@mail.gmail.com> <01e301d3fcaa$54a648e0$4001a8c0@gateway.2wire.net>
From: Barry Leiba <barryleiba@computer.org>
Date: Tue, 05 Jun 2018 05:10:59 -0400
X-Google-Sender-Auth: vWSrzOfCwj8ahmWnNromfHXDRBQ
Message-ID: <CALaySJKd9WhZVh6kpmn7wECitKoPWC59TFe-WtD+_3YqLvFgpg@mail.gmail.com>
Subject: Re: Possible BofF question -- I18n
To: "tom p." <daedulus@btconnect.com>
Cc: IETF general list <ietf@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/kSROxjAIn1Wpzgax9OUPocUlZfI>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jun 2018 09:11:04 -0000

> This is a cut out and keep e-mail that I shall still be referring to in
> 10 years time because it summarises so beautifully the problems.

:-)  Thanks, Tom; glad to help.

> Two thoughts.  One is that your e-mail displayed superbly (the only
> glitch being that my MUA did not differentiate the Cyrillic character)
> so I looked at the encoding
>
> Content-Type: text/plain; charset="UTF-8"
> Content-Transfer-Encoding: quoted-printable
>
> so that is something we got brilliantly right a long time ago.

Indeed; when it's used properly -- which, as you note, it isn't
always, we do have the representation mostly taken care of in email
and web.  Though note that bi-directional issues still come up all the
time, and that's a nasty one.

> My second thought is that much has been done in the IETF on security in
> recent times but have we done enough to at least publicise, if not
> eliminate, the scope for evil actors to exploit confusable and suchlike
> characters by saying that they SHOULD NOT be used anywhere where it
> matters for security - people SHOULD NOT be handed the rope with which
> to hang themselves on a plate:-) - I suspect not.

Security is a biggie, especially when we're looking at security
interoperability -- when different systems, or different parts of the
same system, answer some of these questions differently, we have a
problem.  This showed up recently in a way that didn't even have I18N
involved: mix one email system that ignores "." in mailbox names with
one that doesn't (for example, Gmail thinks that "barryleiba" and
"barry.leiba" refer to the same mailbox, and Yahoo! thinks they're
different mailboxes) and you have a recipe for a security exploit.
I18N issues can multiply that exposure many times.

And to be clear about my purpose in posting what I did:
I do not want answers in this forum to the questions I raised: the
point was not to do I18N design work on this list.  I brought up the
questions simply to show how difficult the problem can be, and how
there are many aspects to it that even experts may miss.  Let's not
get wrapped up in showing that any particular issue has solutions.
Rather, let's understand how difficult it is to "solve the problem" in
general, and how hard it is to find people with enough breadth of
experience to work on the big-picture issues effectively.

Barry

v2.23.0 | Report a Bug | By Email