Re: [precis] I-D Action: draft-ietf-precis-7564bis-09.txt

William Fisher <> Sun, 17 September 2017 20:54 UTC

To: Sam Whited <>
Cc: Peter Saint-Andre <>,

On Sun, Sep 17, 2017 at 12:13 PM, Sam Whited <> wrote:
> That is not enough. Someone writing a PRECIS implementation *might* see
> that. Someone actually using the PRECIS implementation (e.g. the author
> of an XMPP Client, Spotify, etc.) will most likely not see that. If
> they're lucky, the text will have been copied over into the
> implementation's documentation. That's a lot of "if's".

In the python implementation, the Nickname profile reapplies itself a
second time to handle the non-idempotent cases. In addition, all
profiles defensively verify that they are returning an idempotent
result. If a result is determined to not be stable/idempotent, the
code returns a "DISALLOWED/not_idempotent" error for the input.

If someone writes their own Profile, the Profile subclass is
responsible for iterating to avoid the "not_idempotent" error.

> I brought this up earlier as well. I wanted to bring it up again because
> the Nickname profile is getting so close to being published again with
> something that I think is possibly a security concern and that needs to
> be fixed since we won't have this opportunity again.

IMHO, requiring a non-idempotent PRECIS profile to iterate to resolve
idempotency issues mitigates the security issue. I do think this is
the PRECIS implementation's responsibility.

I have a vague suspicion (untested) that the double Nickname composition:

     result = nfkc(tolower(additional(nfkc(tolower(additional(input))))))

may be equivalent to the composition that you might get if you fixed
the Nickname profile by re-ordering the steps.

    result = tolower(additional(nfkc(input)))
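
The re-apply-and-verify behaviour described in the message can be sketched as follows; this is an added example, not code from the message or from the Python PRECIS implementation it mentions. The function names are hypothetical, `str.lower()` stands in for tolower, the FreeformClass check is omitted, and the sample inputs are constructed.

```python
import re
import unicodedata

def additional(s):
    """Additional mapping: any Zs character -> U+0020, trim, collapse runs."""
    s = "".join(" " if unicodedata.category(c) == "Zs" else c for c in s)
    return re.sub(" +", " ", s.strip(" "))

def single_pass(s):
    """One application in the quoted order: nfkc(tolower(additional(input)))."""
    return unicodedata.normalize("NFKC", additional(s).lower())

def reordered(s):
    """The re-ordered composition: tolower(additional(nfkc(input)))."""
    return additional(unicodedata.normalize("NFKC", s)).lower()

def enforce(s, max_passes=2):
    """Re-apply up to max_passes times, then refuse any unstable result."""
    out = single_pass(s)
    for _ in range(max_passes - 1):
        nxt = single_pass(out)
        if nxt == out:
            return out
        out = nxt
    # Defensive check: the value handed back must be a fixed point.
    if single_pass(out) != out:
        raise ValueError("DISALLOWED/not_idempotent")
    return out

# Constructed samples. U+2102 is an uppercase letter with no lowercase
# mapping whose NFKC form is "C"; U+00B4 has the NFKC form U+0020 U+0301.
SAMPLES = ["\u2102arl", "\u00b4bob", " Foo\u00a0\u00a0Bar "]

def compare(samples=SAMPLES):
    """Return (input, one pass, two passes, reordered) for each sample."""
    return [(s, single_pass(s), single_pass(single_pass(s)), reordered(s))
            for s in samples]

if __name__ == "__main__":
    for row in compare():
        print(" | ".join(ascii(col) for col in row))
```

On these samples the double application and the re-ordered composition agree, which is a spot check and not a proof of equivalence.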