Re: [lamps] Adam Roach's Discuss on draft-ietf-lamps-rfc5280-i18n-update-03: (with DISCUSS and COMMENT)

Russ Housley <housley@vigilsec.com> Wed, 11 October 2017 18:22 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C28B13306C for <spasm@ietfa.amsl.com>; Wed, 11 Oct 2017 11:22:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kVmLA96rDj-9 for <spasm@ietfa.amsl.com>; Wed, 11 Oct 2017 11:22:21 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73F1C126B6E for <spasm@ietf.org>; Wed, 11 Oct 2017 11:22:21 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id C8A7830056B for <spasm@ietf.org>; Wed, 11 Oct 2017 14:22:20 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id CTi5xonCwmgK for <spasm@ietf.org>; Wed, 11 Oct 2017 14:22:19 -0400 (EDT)
Received: from [192.168.6.27] (unknown [64.134.67.184]) by mail.smeinc.net (Postfix) with ESMTPSA id 74DE4300265; Wed, 11 Oct 2017 14:22:16 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <150768424357.24799.4538872386645863659.idtracker@ietfa.amsl.com>
Date: Wed, 11 Oct 2017 14:22:07 -0400
Cc: IESG <iesg@ietf.org>, SPASM <spasm@ietf.org>, Phillip Hallam-Baker <phill@hallambaker.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <8A6B588D-B72B-48C1-A7DB-1BB40F5C7D0F@vigilsec.com>
References: <150768424357.24799.4538872386645863659.idtracker@ietfa.amsl.com>
To: Adam Roach <adam@nostrum.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/7OSaGdnedoELPKRcda6umS29ohk>
Subject: Re: [lamps] Adam Roach's Discuss on draft-ietf-lamps-rfc5280-i18n-update-03: (with DISCUSS and COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Oct 2017 18:22:24 -0000

> On Oct 10, 2017, at 9:10 PM, Adam Roach <adam@nostrum.com> wrote:
> 
> Adam Roach has entered the following ballot position for
> draft-ietf-lamps-rfc5280-i18n-update-03: Discuss
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc5280-i18n-update/
> 
> 
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> The final paragraph in Section 2.4 reads:
> 
>   Implementations should convert the local-part and the host-part of
>   internationalized email addresses placed in these extensions to
>   Unicode before display.
> 
> The mention of converting "local-part" to "Unicode" has a very strong
> implication that the local-part of internationalized email addresses can be
> (should be?) ACE-encoded (or otherwise converted to some non-Unicode encoding).
> Unless my understanding of internationalized email addresses is wildly wrong
> (and that may be the case), this isn't how they work: the local-part *is* in
> Unicode, and so conversion to Unicode doesn't make sense.
> 
> This seems highly likely to lead developers down the path of ACE-encoding the
> local-part component of email addresses, which would cause incompatibilities.

Right.  I'll correct that text.

> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> The document has several instances of (lower-case) "should" where talking about
> implementation behavior. These look like they should be normative to me -- if
> that's the intention, please make them uppercase. If not, please update to RFC
> 8174 boilerplate.

Okay.  I'll double check each use of "should" in the document.


> The document contains the following normative requirement:
> 
>   Note:  Implementations MUST allow for increased space requirements
>   for IDNs.
> 
> It's hard to determine what an implementation needs to do in order to satisfy
> this normative requirement. Presumably, "increased" is relative to previous
> buffer allocations for domain names? Also, the statement can be satisfied as
> stated by simply increasing such buffers by a single byte. Surely that's not
> what's intended, is it?

The real assistance comes in the next sentence:

   An IDN ACE label will begin with the four additional
   characters "xn--" and may require as many as five ASCII characters to
   specify a single international character.

> (Aside: I find the use of "Note:" preceding normative text to be confusing, so
> you might want to remove it)

It is more of an implementation consideration.

Russ