Re: [websec] IDNA Dependency and Migration text (was: Review of draft-ietf-websec-strict-transport-sec-06.txt)

=JeffH <Jeff.Hodges@KingsMountain.com> Fri, 04 May 2012 16:57 UTC

Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 643C621F85BD for <websec@ietfa.amsl.com>; Fri, 4 May 2012 09:57:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.098
X-Spam-Level:
X-Spam-Status: No, score=-100.098 tagged_above=-999 required=5 tests=[AWL=0.397, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VR6P1WkkOGjC for <websec@ietfa.amsl.com>; Fri, 4 May 2012 09:57:27 -0700 (PDT)
Received: from oproxy9.bluehost.com (oproxy9.bluehost.com [IPv6:2605:dc00:100:2::a2]) by ietfa.amsl.com (Postfix) with SMTP id 7749F21F8483 for <websec@ietf.org>; Fri, 4 May 2012 09:57:27 -0700 (PDT)
Received: (qmail 20979 invoked by uid 0); 4 May 2012 16:57:25 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by oproxy9.bluehost.com with SMTP; 4 May 2012 16:57:25 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kingsmountain.com; s=default; h=Content-Transfer-Encoding:Content-Type:Subject:CC:To:MIME-Version:From:Date:Message-ID; bh=cfYn5y9aOBmQJeHZkvRtEAqDzK/2xfQ+OGeBtfcieFw=; b=H6zu61O5KKZcQ25IIURxVaay02vF+WICV1BRv+zHpNChMMOm0H47G9o8YJ/oAG9f/lAKhVk3KnRdHyA71tR/tcWVRcdsXCO/EVZnhwd3sb4yW/VLYppE9eoWzqaZRmAt;
Received: from outbound4.ebay.com ([216.113.168.128] helo=[10.244.136.90]) by box514.bluehost.com with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.76) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1SQLoq-0003GZ-RR; Fri, 04 May 2012 10:57:24 -0600
Message-ID: <4FA40A76.2000503@KingsMountain.com>
Date: Fri, 04 May 2012 09:57:26 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.28) Gecko/20120313 Thunderbird/3.1.20
MIME-Version: 1.0
To: Alexey Melnikov <alexey.melnikov@isode.com>, Peter Saint-Andre <stpeter@stpeter.im>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com}
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] IDNA Dependency and Migration text (was: Review of draft-ietf-websec-strict-transport-sec-06.txt)
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 May 2012 16:57:28 -0000

Alexey states:
 >
 > On 3 May 2012, at 20:40, Peter Saint-Andre <stpeter@stpeter.im>; wrote:
 >
 >> On 5/2/12 1:45 PM, =JeffH wrote:
 >>
 >>>> 13.  Internationalized Domain Names for Applications (IDNA): Dependency
 >>>>      and Migration
 >>>>
 >>>>    IDNA2008 obsoletes IDNA2003, but there are differences between the
 >>>>    two specifications, and thus there can be differences in processing
 >>>>    (e.g., converting) domain name labels that have been registered under
 >>>>    one from those registered under the other.  There will be a
 >>>>    transition period of some time during which IDNA2003-based domain
 >>>>    name labels will exist in the wild.  User agents SHOULD implement
 >>>>    IDNA2008 [RFC5890] and MAY implement [RFC5895] (see also Section 7 of
 >>>>    [RFC5894]) or [UTS46] in order to facilitate their IDNA transition.
 >>>>
 >>>> I might be kicking a dead horse here, but MAY sounds a bit weak.
 >>>> I especially dislike having the choice between 2 incompatible specs,
 >>>> I think this might cause some interop problems.
 >>>
 >>> As far as I can tell, having had fairly extensive discussions with IDNA
 >>> folk both privately and on various lists such as idna-update@, the above
 >>> relects the the unfortunate state of the world at this time. For
 >>> instance, Pete Resnick signed off on the language in the spec in this
 >>> message to websec@...
 >>>
 >>> Re: [websec] wrt IDN processing-related security considerations for
 >>> draft-ietf-websec-strict-transport-sec
 >>> https://www.ietf.org/mail-archive/web/websec/current/msg01015.html
 >>>
 >>> we should probably fork off any further discussion on this topic to that
 >>> thread.
 >>
 >> Unfortunately, I think the text that Jeff produced is about the best
 >> we're going to do
 >
 > We are setting ourselves up for some interop problems. We should bite the
 > bullet and through RFC 5894 or UTS 46 out.

These overall topics have been discussed in the past on..

   idna-update@alvestrand.no
   <http://www.alvestrand.no/mailman/listinfo/idna-update>

..and it seems to me this particular discussion should probably be taken over 
to that list. some pointers to likely pertinent prior threads below.

HTH,

=JeffH
------

Past threads on the idna-update@ list that I'm aware of that are specifically 
pertinent to the above include (there may also be others, see also further below)..


   referencing IDNA2008 (and IDNA2003?)
   http://www.alvestrand.no/pipermail/idna-update/2010-October/006757.html


   RFC5895 and UTS46 ?
   http://www.alvestrand.no/pipermail/idna-update/2010-October/006821.html


   IDN processing-related security considerations for 
draft-ietf-websec-strict-transport-sec
   http://www.alvestrand.no/pipermail/idna-update/2011-September/007140.html


   wrt IDNA2008 migration (was: IDN processing-related...
   http://www.alvestrand.no/pipermail/idna-update/2011-September/007152.html


   wrt IDNA2003->IDNA2008 transitionn (was: IDN processing-related...
   http://www.alvestrand.no/pipermail/idna-update/2011-October/007170.html


Older threads re IDNA2003 - IDNA2008 transition (there also are definitely 
(many) other relevant threads)...


   Another Transition Plan Proposal
   http://www.alvestrand.no/pipermail/idna-update/2009-December/006255.html


   An idea for transition principles (see next thread for plain text doc 
version; but there were replies in this thread too)
   http://www.alvestrand.no/pipermail/idna-update/2009-December/006330.html


   Re-sending TXT form of Proposed IDNA2008 Transition Idea
   http://www.alvestrand.no/pipermail/idna-update/2009-December/006339.html


   PostWG IDNA2008 implementation, transition and deployment document preparation
   http://www.alvestrand.no/pipermail/idna-update/2009-December/006374.html



---
end