
[idn] Re: Legacy charset conversion in draft-ietf-idn-idna-08.txt



"Adam M. Costello" <idn.amc+0@nicemice.net.RemoveThisWord> writes:

> I have no objection.  We might be able to compact it a bit:
>
>     Domain names are used by users to identify and connect to Internet
>     servers.  The security of the Internet is compromised if a user
>     entering a single internationalized name is connected to different
>     servers based on different interpretations of the internationalized
>     domain name.
>
>     When systems use local character sets other than ASCII and Unicode,
>     this specification leaves the transcoding problem up to the
>     application.  If applications implement different transcoding rules,
>     they could interpret the same name differently and contact different
>     servers.  This problem is not solved by security protocols like TLS
>     that do not take local character sets into account.
>
> [I didn't change the first paragraph except to remove the last
> sentence.]
>
> Simon, does that still say everything you want it to?

Sure.

Before the last sentence it could be useful to also add something
like: "Furthermore, if a single application uses one mapping table in
one version, and a subsequent version of the application uses a
modified mapping table, different interpretations of the same
internationalized text string may be possible even within the same
application, which has security implications."

Perhaps it didn't come out very clearly; I was trying to explain that
if mapping tables are modified over time (in a way that Unicode CK
normalization does not cancel out) it will be exploitable.
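
Added example, not part of the original message or of the draft: a check that decodes the same legacy-encoded bytes under several candidate local charsets and compares the resulting ACE names, using Python's built-in `idna` codec (RFC 3490). The function names, the candidate charset list and the sample bytes are assumptions constructed for illustration.

```python
from collections import defaultdict

def ace_interpretations(raw: bytes, charsets):
    """Decode raw under each candidate charset, apply IDNA ToASCII,
    and return {ACE name: [charsets that produced it]}."""
    groups = defaultdict(list)
    for cs in charsets:
        try:
            name = raw.decode(cs)                       # application's transcoding step
            ace = name.encode("idna").decode("ascii")   # nameprep + Punycode per label
        except UnicodeError as exc:
            # Undecodable bytes or a label IDNA rejects: record as its own outcome.
            ace = f"<rejected: {type(exc).__name__}>"
        groups[ace].append(cs)
    return dict(groups)

def is_ambiguous(raw: bytes, charsets) -> bool:
    """True when the candidate charsets disagree on which name the bytes denote."""
    return len(ace_interpretations(raw, charsets)) > 1

# Constructed sample: byte 0xE8 is U+00E8 in ISO-8859-1 and cp1252,
# but U+010D in ISO-8859-2, so the same input names two different hosts.
SAMPLE = b"caf\xe8.example"
CANDIDATES = ["iso-8859-1", "iso-8859-2", "cp1252"]

if __name__ == "__main__":
    for ace, sources in ace_interpretations(SAMPLE, CANDIDATES).items():
        print(f"{ace:30} <- {', '.join(sources)}")
    print("ambiguous:", is_ambiguous(SAMPLE, CANDIDATES))
```
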