Re: [websec] IDNA Dependency and Migration text (was: Review of draft-ietf-websec-strict-transport-sec-06.txt)

=JeffH <> Fri, 04 May 2012 16:57 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 643C621F85BD for <>; Fri, 4 May 2012 09:57:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -100.098
X-Spam-Status: No, score=-100.098 tagged_above=-999 required=5 tests=[AWL=0.397, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id VR6P1WkkOGjC for <>; Fri, 4 May 2012 09:57:27 -0700 (PDT)
Received: from ( [IPv6:2605:dc00:100:2::a2]) by (Postfix) with SMTP id 7749F21F8483 for <>; Fri, 4 May 2012 09:57:27 -0700 (PDT)
Received: (qmail 20979 invoked by uid 0); 4 May 2012 16:57:25 -0000
Received: from unknown (HELO ( by with SMTP; 4 May 2012 16:57:25 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;; s=default; h=Content-Transfer-Encoding:Content-Type:Subject:CC:To:MIME-Version:From:Date:Message-ID; bh=cfYn5y9aOBmQJeHZkvRtEAqDzK/2xfQ+OGeBtfcieFw=; b=H6zu61O5KKZcQ25IIURxVaay02vF+WICV1BRv+zHpNChMMOm0H47G9o8YJ/oAG9f/lAKhVk3KnRdHyA71tR/tcWVRcdsXCO/EVZnhwd3sb4yW/VLYppE9eoWzqaZRmAt;
Received: from ([] helo=[]) by with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.76) (envelope-from <>) id 1SQLoq-0003GZ-RR; Fri, 04 May 2012 10:57:24 -0600
Message-ID: <>
Date: Fri, 04 May 2012 09:57:26 -0700
From: =JeffH <>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20120313 Thunderbird/3.1.20
MIME-Version: 1.0
To: Alexey Melnikov <>, Peter Saint-Andre <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Identified-User: {} {sentby:smtp auth authed with}
Cc: IETF WebSec WG <>
Subject: Re: [websec] IDNA Dependency and Migration text (was: Review of draft-ietf-websec-strict-transport-sec-06.txt)
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 04 May 2012 16:57:28 -0000

Alexey states:
 > On 3 May 2012, at 20:40, Peter Saint-Andre <>; wrote:
 >> On 5/2/12 1:45 PM, =JeffH wrote:
 >>>> 13.  Internationalized Domain Names for Applications (IDNA): Dependency
 >>>>      and Migration
 >>>>    IDNA2008 obsoletes IDNA2003, but there are differences between the
 >>>>    two specifications, and thus there can be differences in processing
 >>>>    (e.g., converting) domain name labels that have been registered under
 >>>>    one from those registered under the other.  There will be a
 >>>>    transition period of some time during which IDNA2003-based domain
 >>>>    name labels will exist in the wild.  User agents SHOULD implement
 >>>>    IDNA2008 [RFC5890] and MAY implement [RFC5895] (see also Section 7 of
 >>>>    [RFC5894]) or [UTS46] in order to facilitate their IDNA transition.
 >>>> I might be kicking a dead horse here, but MAY sounds a bit weak.
 >>>> I especially dislike having the choice between 2 incompatible specs,
 >>>> I think this might cause some interop problems.
 >>> As far as I can tell, having had fairly extensive discussions with IDNA
 >>> folk both privately and on various lists such as idna-update@, the above
 >>> relects the the unfortunate state of the world at this time. For
 >>> instance, Pete Resnick signed off on the language in the spec in this
 >>> message to websec@...
 >>> Re: [websec] wrt IDN processing-related security considerations for
 >>> draft-ietf-websec-strict-transport-sec
 >>> we should probably fork off any further discussion on this topic to that
 >>> thread.
 >> Unfortunately, I think the text that Jeff produced is about the best
 >> we're going to do
 > We are setting ourselves up for some interop problems. We should bite the
 > bullet and through RFC 5894 or UTS 46 out.

These overall topics have been discussed in the past on..

..and it seems to me this particular discussion should probably be taken over 
to that list. some pointers to likely pertinent prior threads below.



Past threads on the idna-update@ list that I'm aware of that are specifically 
pertinent to the above include (there may also be others, see also further below)..

   referencing IDNA2008 (and IDNA2003?)

   RFC5895 and UTS46 ?

   IDN processing-related security considerations for 

   wrt IDNA2008 migration (was: IDN processing-related...

   wrt IDNA2003->IDNA2008 transitionn (was: IDN processing-related...

Older threads re IDNA2003 - IDNA2008 transition (there also are definitely 
(many) other relevant threads)...

   Another Transition Plan Proposal

   An idea for transition principles (see next thread for plain text doc 
version; but there were replies in this thread too)

   Re-sending TXT form of Proposed IDNA2008 Transition Idea

   PostWG IDNA2008 implementation, transition and deployment document preparation