Re: Possible BofF question -- I18n
Barry Leiba <barryleiba@computer.org> Tue, 05 June 2018 09:11 UTC
Return-Path: <barryleiba@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1563130F29 for <ietf@ietfa.amsl.com>; Tue, 5 Jun 2018 02:11:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OIYh0Kdq-gzY for <ietf@ietfa.amsl.com>; Tue, 5 Jun 2018 02:11:01 -0700 (PDT)
Received: from mail-it0-x236.google.com (mail-it0-x236.google.com [IPv6:2607:f8b0:4001:c0b::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 515BC130F28 for <ietf@ietf.org>; Tue, 5 Jun 2018 02:11:01 -0700 (PDT)
Received: by mail-it0-x236.google.com with SMTP id y127-v6so12710961itd.1 for <ietf@ietf.org>; Tue, 05 Jun 2018 02:11:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=Ys7+IbwaPQBxzmyH6ZtHEPMIDJIbHYgDi2caVy3km80=; b=cs5szS8BH/Sk+KJaSszdXmTxk5bNSI9Y55B41ZZyPDc24ccgEqkNOm3gD5y/BIMddr PpuLnbpbkfXlmxeB0StIsewPE70ZF0aAB9JlE3LlUzB01ARoksOxd3FQskNKfGjhxm/F 72M39u7PYpnJwZB0N3ggGuLYbBj/G3nRBoIwMJdHH53p1aVafEi9ELMm1QYUF5eUnOed kMv5lpC+jln+8AohlE3HZIZjiF+2U/ARjhcShzJg9j/F0T+GdZhfGHmoBwmRC7+tVgal DX6JXRBrQJvHrJC/qr7GxXwvoqgTHa+Reh6Gxxe22TN/3LBTGCDsuEK2N8D+b9dcv46C 3JOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=Ys7+IbwaPQBxzmyH6ZtHEPMIDJIbHYgDi2caVy3km80=; b=HyKfIpC+DgVA2PDox6rhdRT7+/OKrGxSgfzZ+HIgdkqKGKd0J6O8DA7CKPUMMss/wq luYgWCJ4sSz+ifJdw0ZnS8Ah2xvoMbOserFZu1XkC7BK6hzKXFCP5khD9Kr1iFEloqhf LoP2E+EQORIfdgGuFpug503AHsIewYYghSGZKGCc8t58q+/f+E6rMAZmoEnGTR3f4Xm1 hgd2HrvV4ZcWnGCcKL8xZ4rOTDRWk+2lqqBNB63Hjp1pTBq4icorMZgMKtW0IqhVp+iK zlsjjD6742gxzWveSSg+YHUQUyMb71ggxn1SrfzaSmOl4RdehC0MWtsCiROjSfdqShCr PfRQ==
X-Gm-Message-State: APt69E2aVjer00SM6+oBrRaZbkJRAWTUgZLzldjaVdXUnpOkYQg4sEZ/ r4ko+Z9EZmbU40MzlX55YvGo2u0JqFrpqDj0qo4=
X-Google-Smtp-Source: ADUXVKLbaIfP8IQtLTQl/Kn42wYP72Hly2Vhb0fGuoqS0liERG+iJmp43p4zBajwLVx1V3IYCjhGWHcgDRtyvIbjxr4=
X-Received: by 2002:a24:f007:: with SMTP id s7-v6mr19060336ith.15.1528189860410; Tue, 05 Jun 2018 02:11:00 -0700 (PDT)
MIME-Version: 1.0
Sender: barryleiba@gmail.com
Received: by 2002:ac0:8ea1:0:0:0:0:0 with HTTP; Tue, 5 Jun 2018 02:10:59 -0700 (PDT)
In-Reply-To: <01e301d3fcaa$54a648e0$4001a8c0@gateway.2wire.net>
References: <383c2404-7beb-63e9-b2b2-e75fd1b174f1@mozilla.com> <20180601041949.GH14446@localhost> <A13FFF23-49BD-459D-8B5B-D3448154EEBC@frobbit.se> <20180601151053.GI14446@localhost> <2584adb9-1622-8b49-7236-ecc7dd374974@mozilla.com> <alpine.OSX.2.21.1806011219340.7621@ary.qy> <CAK3OfOgv33SJiPJ6ypo8k5hcpnjcJdRso6EXb9b12YNcdDgMUg@mail.gmail.com> <6c5d5618-74a5-dcc8-d818-89243a41f307@gmail.com> <20180603061350.GM14446@localhost> <d125f213-c096-1e93-0a6e-ffdfc55a7ac6@gmail.com> <20180605031021.GO14446@localhost> <CAC4RtVAHd37mHFv7TypVdKATtHtBNX0pEszbn+ke5RMh-oExMA@mail.gmail.com> <01e301d3fcaa$54a648e0$4001a8c0@gateway.2wire.net>
From: Barry Leiba <barryleiba@computer.org>
Date: Tue, 05 Jun 2018 05:10:59 -0400
X-Google-Sender-Auth: vWSrzOfCwj8ahmWnNromfHXDRBQ
Message-ID: <CALaySJKd9WhZVh6kpmn7wECitKoPWC59TFe-WtD+_3YqLvFgpg@mail.gmail.com>
Subject: Re: Possible BofF question -- I18n
To: "tom p." <daedulus@btconnect.com>
Cc: IETF general list <ietf@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/kSROxjAIn1Wpzgax9OUPocUlZfI>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jun 2018 09:11:04 -0000
> This is a cut out and keep e-mail that I shall still be referring to in > 10 years time because it summarises so beautifully the problems. :-) Thanks, Tom; glad to help. > Two thoughts. One is that your e-mail displayed superbly (the only > glitch being that my MUA did not differentiate the Cyrillic character) > so I looked at the encoding > > Content-Type: text/plain; charset="UTF-8" > Content-Transfer-Encoding: quoted-printable > > so that is something we got brilliantly right a long time ago. Indeed; when it's used properly -- which, as you note, it isn't always, we do have the representation mostly taken care of in email and web. Though note that bi-directional issues still come up all the time, and that's a nasty one. > My second thought is that much has been done in the IETF on security in > recent times but have we done enough to at least publicise, if not > eliminate, the scope for evil actors to exploit confusable and suchlike > characters by saying that they SHOULD NOT be used anywhere where it > matters for security - people SHOULD NOT be handed the rope with which > to hang themselves on a plate:-) - I suspect not. Security is a biggie, especially when we're looking at security interoperability -- when different systems, or different parts of the same system, answer some of these questions differently, we have a problem. This showed up recently in a way that didn't even have I18N involved: mix one email system that ignores "." in mailbox names with one that doesn't (for example, Gmail thinks that "barryleiba" and "barry.leiba" refer to the same mailbox, and Yahoo! thinks they're different mailboxes) and you have a recipe for a security exploit. I18N issues can multiply that exposure many times. And to be clear about my purpose in posting what I did: I do not want answers in this forum to the questions I raised: the point was not to do I18N design work on this list. I brought up the questions simply to show how difficult the problem can be, and how there are many aspects to it that even experts may miss. Let's not get wrapped up in showing that any particular issue has solutions. Rather, let's understand how difficult it is to "solve the problem" in general, and how hard it is to find people with enough breadth of experience to work on the big-picture issues effectively. Barry
- Possible OBF question -- I18n John C Klensin
- Re: Possible OBF question -- I18n John Levine
- Re: Possible BofF question -- I18n (was: Re: Poss… John C Klensin
- Re: Possible BofF question -- I18n (was: Re: Poss… Patrik Fältström
- Re: Possible BofF question -- I18n (was: Re: Poss… John R Levine
- Re: Possible BofF question -- I18n (was: Re: Poss… John C Klensin
- Re: Possible BofF question -- I18n (was: Re: Poss… Patrik Fältström
- Re: Possible BofF question -- I18n (was: Re: Poss… Patrik Fältström
- Re: Possible BofF question -- I18n (was: Re: Poss… tom p.
- Re: Possible BofF question -- I18n (was: Re: Poss… John R Levine
- Re: Possible BofF question -- I18n (was: Re: Poss… John C Klensin
- Re: Possible BofF question -- I18n (was: Re: Poss… Nico Williams
- Re: Possible BofF question -- I18n (was: Re: Poss… Peter Saint-Andre
- Re: Possible BofF question -- I18n (was: Re: Poss… Donald Eastlake
- Re: Possible BofF question -- I18n (was: Re: Poss… John C Klensin
- Re: Possible BofF question -- I18n (was: Re: Poss… John C Klensin
- Re: Possible BofF question -- I18n (was: Re: Poss… Patrik Fältström
- Re: Possible BofF question -- I18n (was: Re: Poss… Patrik Fältström
- Re: Possible BofF question -- I18n (was: Re: Poss… Spencer Dawkins at IETF
- Re: Possible BofF question -- I18n Adam Roach
- Re: Possible BofF question -- I18n (was: Re: Poss… Nico Williams
- Re: Possible BofF question -- I18n (was: Re: Poss… Nico Williams
- Re: Possible BofF question -- I18n Brian E Carpenter
- RE: Possible BofF question -- I18n (was: Re: Poss… Larry Masinter
- Re: Possible BofF question -- I18n (was: Re: Poss… Patrik Fältström
- RE: Possible BofF question -- I18n (was: Re: Poss… John C Klensin
- Re: Possible BofF question -- I18n (was: Re: Poss… Nico Williams
- Re: Possible BofF question -- I18n (was: Re: Poss… Patrik Fältström
- Re: Possible BofF question -- I18n (was: Re: Poss… Benjamin Kaduk
- Re: Possible BofF question -- I18n (was: Re: Poss… Peter Saint-Andre
- Re: Possible BofF question -- I18n (was: Re: Poss… Niels ten Oever
- Re: Possible BofF question -- I18n (was: Re: Poss… John R Levine
- Re: Possible BofF question -- I18n (was: Re: Poss… Peter Saint-Andre
- Re: Possible BofF question -- I18n (was: Re: Poss… John R Levine
- Re: Possible BofF question -- I18n (was: Re: Poss… Spencer Dawkins at IETF
- Re: Possible BofF question -- I18n (was: Re: Poss… Spencer Dawkins at IETF
- Re: Possible BofF question -- I18n (was: Re: Poss… Nico Williams
- Re: Possible BofF question -- I18n (was: Re: Poss… Nico Williams
- Re: Possible BofF question -- I18n (was: Re: Poss… Stephen Farrell
- Re: Possible BofF question -- I18n (was: Re: Poss… Nico Williams
- Re: Possible BofF question -- I18n (was: Re: Poss… John C Klensin
- Re: Possible BofF question -- I18n (was: Re: Poss… Patrik Fältström
- Re: Possible BofF question -- I18n (was: Re: Poss… Spencer Dawkins at IETF
- Re: Possible BofF question -- I18n (was: Re: Poss… Peter Saint-Andre
- Re: Possible BofF question -- I18n (was: Re: Poss… John C Klensin
- Re: Possible BofF question -- I18n (was: Re: Poss… Spencer Dawkins at IETF
- Re: Possible BofF question -- I18n (was: Re: Poss… Nico Williams
- Re: Possible BofF question -- I18n (was: Re: Poss… Nico Williams
- Re: Possible BofF question -- I18n (was: Re: Poss… Spencer Dawkins at IETF
- Re: Possible BofF question -- I18n Brian E Carpenter
- Re: Possible BofF question -- I18n (was: Re: Poss… Patrik Fältström
- Re: Possible BofF question -- I18n John R Levine
- Re: Possible BofF question -- I18n (was: Re: Poss… John C Klensin
- Re: Possible BofF question -- I18n (was: Re: Poss… Nico Williams
- Re: Possible BofF question -- I18n Nico Williams
- Re: Possible BofF question -- I18n Nico Williams
- Re: Possible BofF question -- I18n (was: Re: Poss… Patrik Fältström
- Re: Possible BofF question -- I18n Brian E Carpenter
- Re: Possible BofF question -- I18n Nico Williams
- Re: Possible BofF question -- I18n Barry Leiba
- Re: Possible BofF question -- I18n Viktor Dukhovni
- Re: Possible BofF question -- I18n Christian Huitema
- Re: Possible BofF question -- I18n Nico Williams
- Re: Possible BofF question -- I18n tom p.
- Re: Possible BofF question -- I18n Barry Leiba
- Re: Possible BofF question -- I18n ned+ietf
- Re: Possible BofF question -- I18n ned+ietf