RE: Last Call summary for draft-ietf-pkix-cert-utf8

Russ Housley <housley@vigilsec.com> Thu, 13 April 2006 16:55 UTC

Date: Thu, 13 Apr 2006 12:11:24 -0400
To: Ted Hardie <hardie@qualcomm.com>
From: Russ Housley <housley@vigilsec.com>
Subject: RE: Last Call summary for draft-ietf-pkix-cert-utf8
Cc: iesg@ietf.org, ietf-pkix@imc.org

Ted:

Thanks for the improved text.  Here it is all put together:

    When strings are mapped from internal representations to visual
    representations, sometimes two different strings will have the same or
    similar visual representations.  This can happen for many different
    reasons, including use of similar glyphs and use of composed characters
    (such as e + ' equaling U+00E9, the Korean composed characters, and
    vowels above consonant clusters in certain languages).  As a result of
    this situation, people doing visual comparisons between two different
    names may think they are the same when in fact they are not.  Also,
    people may mistake one string for another.  Issuers of certificates and
    relying parties both need to be aware of this situation.

This does not impose any untestable requirements.  Any concerns with this text?

Russ

At 11:05 AM 4/13/2006, you wrote:
>At 10:32 AM -0400 4/13/06, Russ Housley wrote:
> >I suggest the following.  I think it adds the concept of "similar looking."
> >
> >   When strings are mapped from internal representations to visual
> >   representations, sometimes two different strings will have the same or
> >   similar visual representations.  This can happen for many different
> >   reasons, including use of similar glyphs and multiple items being
> >   combined into a single glyph.
>
>"Multiple items being combined into a single glyph" sounds like you mean
>"the use of composed characters" (e + ' equaling U+00E9, the Korean composed
>characters, vowels above consonant clusters in certain languages).  Each of
>the cases in which that occurs has a raft of different instances, each with
>their own tricky bits.  If that is what you mean, I'd suggest using that
>phrasing, as it is a more recognized term of art.  If you mean something
>else, I don't think I'm clear on what exactly you mean.
>                                 Ted
>
> >As a result of this situation,
> >   people doing visual comparisons between two different names may think
> >   they are the same when in fact they are not.  Also, people may mistake
> >   one string for another.  Issuers of certificates and relying parties
> >   both need to be aware of this situation.
> >
> >This does not impose any untestable requirements.  Any concerns with this text?
> >
> >Russ
> >
> >
> >At 07:36 AM 4/13/2006, Santosh Chokhani wrote:
> >>When strings are mapped from internal representations to visual
> >>representations, sometimes two different strings will have
> >>the same visual representations.  This can happen due to similar glyphs,
> >>multiple items being combined into a single glyph among other reasons.
> >>When this happens people doing visual comparisons between two different
> >>names may think they are the same when in fact they are not.  Also, people
> >>may mistake one string for another.  Issuers of certificates and relying
> >>parties both need to be aware of these facts.
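
The two causes named in the proposed text (composed characters and similar glyphs), shown as a check an issuer or relying party could run before trusting a visual comparison. This is an added example, not part of the thread or the draft; the sample names, the function names and the name-based script heuristic are all assumptions made for illustration.

```python
import unicodedata

# Constructed sample names (not taken from the thread or the draft).
PRECOMPOSED = "caf\u00e9"          # e-acute as one code point, U+00E9
DECOMPOSED = "cafe\u0301"          # 'e' followed by combining acute, U+0301
HANGUL_SYLLABLE = "\uac00"         # precomposed Korean syllable
HANGUL_JAMO = "\u1100\u1161"       # the same syllable as conjoining jamo
LATIN_NAME = "example"
MIXED_NAME = "ex\u0430mple"        # U+0430 CYRILLIC SMALL LETTER A replaces 'a'


def utf8_hex(s):
    """Hex of the UTF-8 octets, i.e. what a UTF8String would carry."""
    return s.encode("utf-8").hex()


def scripts(s):
    """Heuristic script tags: first word of each letter's Unicode name."""
    return {unicodedata.name(ch).split()[0] for ch in s if ch.isalpha()}


def compare_names(a, b):
    """Classify two names a person might judge equal by eye."""
    if a == b:
        return "identical"
    if unicodedata.normalize("NFC", a) == unicodedata.normalize("NFC", b):
        return "same-after-NFC"           # composed vs. decomposed form
    if len(scripts(a) | scripts(b)) > 1:
        return "different-mixed-script"   # candidate similar-glyph case
    return "different"


if __name__ == "__main__":
    pairs = [(PRECOMPOSED, DECOMPOSED),
             (HANGUL_SYLLABLE, HANGUL_JAMO),
             (LATIN_NAME, MIXED_NAME)]
    for a, b in pairs:
        print(utf8_hex(a), utf8_hex(b), compare_names(a, b))
```

Normalization resolves the composed-character cases, but the similar-glyph pair stays different after NFC, so it can only be flagged for review, not made equal.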