Re: Possible BofF question -- I18n

"John R Levine" <johnl@taugh.com> Sat, 02 June 2018 13:56 UTC

Date: Sat, 02 Jun 2018 09:56:32 -0400
Message-ID: <alpine.OSX.2.21.1806020948160.10640@ary.qy>
From: John R Levine <johnl@taugh.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: IETF general list <ietf@ietf.org>
Subject: Re: Possible BofF question -- I18n
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/w7OB9HOSBT4uFOga6ZdW6U8_7gk>

On Sat, 2 Jun 2018, Brian E Carpenter wrote:
> If a dark art is one that involves combinatorial degrees of complexity
> mixed with human perception, judgment and emotion, then I fear that I18N
> *is* a dark art. We can perhaps manage such complexity by limiting the
> scope of what we try to do in our protocols, but I for one would very
> much appreciate having an I18N directorate reviewing everything.

Thanks, that was what I was trying to get at.  It would be great if more 
people learned about I18n issues, but I worry about expertise at the level 
of security experts telling people to memorize all their passwords and 
change them every month.

"Confusables", different characters that look exactly or approximately the 
same, is a good example.  I used to think that one could make sets of 
confusable characters and avoid security problems by disallowing strings 
that differed only in confusables.  Unfortunately, what is confusable is 
highly context dependent.  For example, an Arabic digit 5 looks a lot like 
a lower case letter o, so depending on who and where you are you might 
think it looks like o or 0 or you might think it looks like 5 or you might 
think it looks like both.  I didn't realize that until I talked to native 
Arabic speakers and tried to read speed limit signs in Abu Dhabi.  Don't 
get me started on composable emoji and skin tones.

I'm not saying it's hopeless, but we need to be careful assuming that some 
knowledge always leads to better analyses than none.  Remember all those 
passwords they force you to change every month.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
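
The context dependence of confusables described in the message above, shown as an added example that is not part of the original e-mail. The tiny "looks like" table, the registered names and the function names are constructed assumptions, not Unicode's confusables data.

```python
import unicodedata

# Constructed, deliberately tiny "looks like" table (assumption, not Unicode's
# confusables data): shapes a Latin-script reader tends to read as "o".
VISUAL = {
    "\u0665": "o",  # ARABIC-INDIC DIGIT FIVE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "0": "o",       # DIGIT ZERO
}

def visual_skeleton(s):
    """Fold by glyph shape, as a reader unfamiliar with Arabic-Indic digits would."""
    return "".join(VISUAL.get(ch, ch) for ch in s.casefold())

def numeric_skeleton(s):
    """Fold by numeric value, as a reader of Arabic-Indic digits would."""
    out = []
    for ch in s.casefold():
        value = unicodedata.decimal(ch, None)  # None for non-decimal characters
        out.append(str(value) if value is not None else ch)
    return "".join(out)

def collisions(candidate, registered, skeleton):
    """Registered names that differ from candidate only in 'confusables'."""
    target = skeleton(candidate)
    return sorted(n for n in registered
                  if n != candidate and skeleton(n) == target)

def collisions_any_reader(candidate, registered):
    """Union over both reader models: reject if either reader is fooled."""
    hits = set()
    for skeleton in (visual_skeleton, numeric_skeleton):
        hits.update(collisions(candidate, registered, skeleton))
    return sorted(hits)

REGISTERED = ["room5", "roomo"]   # constructed sample of existing names
CANDIDATE = "room\u0665"          # ends in ARABIC-INDIC DIGIT FIVE

if __name__ == "__main__":
    print("shape reader :", collisions(CANDIDATE, REGISTERED, visual_skeleton))
    print("digit reader :", collisions(CANDIDATE, REGISTERED, numeric_skeleton))
    print("either reader:", collisions_any_reader(CANDIDATE, REGISTERED))
```

A registry that checks only one of the two tables accepts a name that the other group of readers confuses with an existing one.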