Re: [saag] i18n requirements (was: Re: NF* (Re: PKCS#11 URI slot attributes & last call))
John C Klensin <john-ietf@jck.com> Tue, 13 January 2015 03:41 UTC
Date: Mon, 12 Jan 2015 22:41:01 -0500
From: John C Klensin <john-ietf@jck.com>
To: Nico Williams <nico@cryptonector.com>, Pete Resnick <presnick@qti.qualcomm.com>
Subject: Re: [saag] i18n requirements (was: Re: NF* (Re: PKCS#11 URI slot attributes & last call))
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/ttVgsCoJqLwztMm8bRLt1513Agw>
Cc: "Salz, Rich" <rsalz@akamai.com>, ietf@ietf.org, saag@ietf.org, Jan Pechanec <jan.pechanec@oracle.com>, Peter Gutmann <pgut001@cs.auckland.ac.nz>

--On Monday, January 12, 2015 18:08 -0600 Nico Williams <nico@cryptonector.com> wrote:

>> Given that this particular member of the IESG has
>> (successfully) argued vehemently for ASCII-only on multiple
>> occasions in the recent past, I would say that your worries
>> on that score are overdone. :-)
>
> Well alright. I'd love to see a set of guidelines for I18N
> activities.

So would we all. RFC 2277 was supposed to provide some guidance but is now badly obsolete in many different ways, including exhibiting how little we knew about some things at the time. We have, I hope, learned a lot, but see below.

> When should we try to support Unicode, and when should we not?
> Is it one of those "I know it when I see it" kinds of
> guidelines? That wouldn't be useful enough :(

Let me suggest a general way of thinking about things -- maybe not quite a "guideline". Especially for security-type protocols, make sure there is a substantive reason, presumably connected to users and user experience, for it to be necessary to go beyond ASCII. I really do mean "necessary": if it is just a good idea in principle or a maybe-nice-to-have or "maybe someone will want this some day", skip it because adding i18n capabilities _will_ make correct and predictable implementations more difficult and _will_ increase the number and range of attack opportunities.

> Mind you, IIRC PKCS#11 didn't even say anything about ASCII
> before. Token labels and such used to be fixed-sized octet
> strings containing character data. Jan can correct me if I'm
> wrong. I'm not sure even saying "ASCII-only" would
> necessarily be safe in that case...

And that reinforces my view that the real, underlying, problem here has to be fixed in PKCS#11, not in anything the IETF puts on top of it. Only they can fix the problems; we can, at best, mitigate the damage.

> Fortunately the OASIS PKCS11 TC has clarified that these are
> UTF-8; unfortunately they left other I18N details out.

It appears to me that what they have said puts their level of understanding of the various issues somewhat behind where we were when RFC 2277 was written in 1997.

    john
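
An added illustration, not part of the message above or of any PKCS#11 implementation: what "UTF-8, with the other I18N details left out" means for a fixed-size label field. It assumes the 32-octet, blank-padded `label` field of PKCS#11's `CK_TOKEN_INFO` and, as an assumption the thread does not settle, NFC as the comparison form; the function names and the sample label are constructed for the example.

```python
import unicodedata

LABEL_LEN = 32  # CK_TOKEN_INFO.label: 32 octets, blank-padded, no NUL terminator


def to_label_field(text: str, normalize: bool = True) -> bytes:
    """Encode text as a fixed-size, space-padded UTF-8 label field."""
    if normalize:
        text = unicodedata.normalize("NFC", text)  # assumed canonical form
    raw = text.encode("utf-8")
    if len(raw) > LABEL_LEN:
        # A plain byte slice can cut a multi-byte sequence in half; drop the
        # partial tail so the stored field is still valid UTF-8.
        raw = raw[:LABEL_LEN].decode("utf-8", errors="ignore").encode("utf-8")
    return raw.ljust(LABEL_LEN, b" ")


def octet_match(field: bytes, wanted: str) -> bool:
    """Naive lookup: compare the caller's UTF-8 octets to the stored field."""
    return field.rstrip(b" ") == wanted.encode("utf-8")


def normalized_match(field: bytes, wanted: str) -> bool:
    """Lookup that decodes strictly and normalizes both sides before comparing."""
    try:
        stored = field.rstrip(b" ").decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return False  # not valid UTF-8: refuse rather than guess
    return (unicodedata.normalize("NFC", stored)
            == unicodedata.normalize("NFC", wanted))


# Constructed sample: the same visible label in two canonical-equivalent forms.
TYPED_NFC = "Cl\u00e9 priv\u00e9e"                      # precomposed e-acute
STORED_NFD = unicodedata.normalize("NFD", TYPED_NFC)    # e + combining acute

# A tool that writes the label without normalizing stores different octets.
FIELD_FROM_NFD_TOOL = to_label_field(STORED_NFD, normalize=False)

if __name__ == "__main__":
    print("octet compare     :", octet_match(FIELD_FROM_NFD_TOOL, TYPED_NFC))
    print("normalized compare:", normalized_match(FIELD_FROM_NFD_TOOL, TYPED_NFC))
```

With ASCII-only labels both comparisons agree; once non-ASCII is allowed, every producer and consumer of the field has to make the same normalization and truncation choices for lookups to stay predictable.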