Re: [websec] IDNA Dependency and Migration text (was: Review of draft-ietf-websec-strict-transport-sec-06.txt)
=JeffH <Jeff.Hodges@KingsMountain.com> Fri, 04 May 2012 16:57 UTC
To: Alexey Melnikov <alexey.melnikov@isode.com>, Peter Saint-Andre <stpeter@stpeter.im>
Cc: IETF WebSec WG <websec@ietf.org>

Alexey states:
>
> On 3 May 2012, at 20:40, Peter Saint-Andre <stpeter@stpeter.im> wrote:
>
>> On 5/2/12 1:45 PM, =JeffH wrote:
>>
>>>> 13. Internationalized Domain Names for Applications (IDNA): Dependency
>>>> and Migration
>>>>
>>>> IDNA2008 obsoletes IDNA2003, but there are differences between the
>>>> two specifications, and thus there can be differences in processing
>>>> (e.g., converting) domain name labels that have been registered under
>>>> one from those registered under the other. There will be a
>>>> transition period of some time during which IDNA2003-based domain
>>>> name labels will exist in the wild. User agents SHOULD implement
>>>> IDNA2008 [RFC5890] and MAY implement [RFC5895] (see also Section 7 of
>>>> [RFC5894]) or [UTS46] in order to facilitate their IDNA transition.
>>>>
>>>> I might be kicking a dead horse here, but MAY sounds a bit weak.
>>>> I especially dislike having the choice between 2 incompatible specs,
>>>> I think this might cause some interop problems.
>>>
>>> As far as I can tell, having had fairly extensive discussions with IDNA
>>> folk both privately and on various lists such as idna-update@, the above
>>> reflects the unfortunate state of the world at this time. For
>>> instance, Pete Resnick signed off on the language in the spec in this
>>> message to websec@...
>>>
>>> Re: [websec] wrt IDN processing-related security considerations for
>>> draft-ietf-websec-strict-transport-sec
>>> https://www.ietf.org/mail-archive/web/websec/current/msg01015.html
>>>
>>> we should probably fork off any further discussion on this topic to that
>>> thread.
>>
>> Unfortunately, I think the text that Jeff produced is about the best
>> we're going to do
>
> We are setting ourselves up for some interop problems. We should bite the
> bullet and throw RFC 5894 or UTS 46 out.

These overall topics have been discussed in the past on..

   idna-update@alvestrand.no
   <http://www.alvestrand.no/mailman/listinfo/idna-update>

..and it seems to me this particular discussion should probably be taken over
to that list.

some pointers to likely pertinent prior threads below.

HTH,

=JeffH
------

Past threads on the idna-update@ list that I'm aware of that are specifically
pertinent to the above include (there may also be others, see also further
below)..

referencing IDNA2008 (and IDNA2003?)
http://www.alvestrand.no/pipermail/idna-update/2010-October/006757.html

RFC5895 and UTS46 ?
http://www.alvestrand.no/pipermail/idna-update/2010-October/006821.html

IDN processing-related security considerations for
draft-ietf-websec-strict-transport-sec
http://www.alvestrand.no/pipermail/idna-update/2011-September/007140.html

wrt IDNA2008 migration (was: IDN processing-related...
http://www.alvestrand.no/pipermail/idna-update/2011-September/007152.html

wrt IDNA2003->IDNA2008 transitionn (was: IDN processing-related...
http://www.alvestrand.no/pipermail/idna-update/2011-October/007170.html

Older threads re IDNA2003 - IDNA2008 transition (there also are definitely
(many) other relevant threads)...

Another Transition Plan Proposal
http://www.alvestrand.no/pipermail/idna-update/2009-December/006255.html

An idea for transition principles
(see next thread for plain text doc version; but there were replies in this
thread too)
http://www.alvestrand.no/pipermail/idna-update/2009-December/006330.html

Re-sending TXT form of Proposed IDNA2008 Transition Idea
http://www.alvestrand.no/pipermail/idna-update/2009-December/006339.html

PostWG IDNA2008 implementation, transition and deployment document preparation
http://www.alvestrand.no/pipermail/idna-update/2009-December/006374.html

---
end
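
The conversion difference the quoted draft text refers to, as an added example that is not part of the original message or of the draft: the same host converted under IDNA2003 and under an IDNA2008-style rule yields different ASCII names, so an HSTS entry stored under one is not found under the other. `KnownHstsHosts`, `lookup_after_converter_change` and the simplified IDNA2008 converter (no mapping step, no RFC 5891-5893 validity checks) are assumptions made for the illustration, and the host names are constructed.

```python
# Added illustration; all class and function names here are hypothetical.

def to_ascii_idna2003(host: str) -> str:
    """IDNA2003 ToASCII via Python's built-in 'idna' codec (RFC 3490 + nameprep)."""
    return host.encode("idna").decode("ascii").lower()

def to_ascii_idna2008_simplified(host: str) -> str:
    """IDNA2008-style conversion: lowercase, then Punycode each non-ASCII label.
    Assumption: no mapping and no validity checks, so this is demo-only."""
    labels = []
    for label in host.lower().split("."):
        if label.isascii():
            labels.append(label)
        else:
            labels.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(labels)

class KnownHstsHosts:
    """Minimal model of a user agent's HSTS store, keyed by converted host name."""
    def __init__(self, to_ascii):
        self._to_ascii = to_ascii
        self.expiry = {}                      # ASCII host -> expiry time (seconds)

    def note(self, host: str, max_age: int, now: int) -> None:
        self.expiry[self._to_ascii(host)] = now + max_age

    def is_known(self, host: str, now: int) -> bool:
        exp = self.expiry.get(self._to_ascii(host))
        return exp is not None and exp > now

def lookup_after_converter_change(host: str) -> bool:
    """Note the host with an IDNA2003 converter, carry the persisted store over
    to a user agent that converts IDNA2008-style, then look the host up again."""
    old = KnownHstsHosts(to_ascii_idna2003)
    old.note(host, max_age=31536000, now=0)
    new = KnownHstsHosts(to_ascii_idna2008_simplified)
    new.expiry = dict(old.expiry)             # same stored keys, new converter
    return new.is_known(host, now=1)

if __name__ == "__main__":
    for h in ("straße.example", "bücher.example"):   # constructed sample hosts
        print(h, to_ascii_idna2003(h), to_ascii_idna2008_simplified(h),
              lookup_after_converter_change(h))
```

Only labels containing characters the two specifications treat differently (here the sharp s) are affected; `bücher.example` converts identically under both and is still found.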