[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] Re: IDNA: is the specification proper, adequate, and complete?

To: <idn@ops.ietf.org>
Subject: Re: [idn] Re: IDNA: is the specification proper, adequate, and complete?
From: "Doug Ewell" <dewell@adelphia.net>
Date: Tue, 18 Jun 2002 10:01:09 -0700
Cc: "Paul Hoffman / IMC" <phoffman@imc.org>
References: <3D0F0036.81D3D52A@trab.se> <p05111a3ab9350a36e55b@[165.227.249.18]>

"Paul Hoffman / IMC" <phoffman at imc dot org> wrote:

>> They [U+00C5 and U+212B] look identical because it is the same
>> character.
>
> That definition of "same" doesn't match the definition that the
> rest of us are using. They have different code points, they have
> different names, and they have different Unicode properties.

Same Unicode properties -- "Lu", meaning "Letter, Uppercase."  Of
course, by itself that hardly makes them the same character -- "A" and
"B" are also classified as Lu.

I'm not sure how productive it's going to be to argue whether two
characters or sequences constitute "the same character."  You can go
either way in some cases (what about U+00C5 vs. U+0041 U+030A?).  Simon
Josefsson has been trying to show that, because U+00C5 and U+212B are
"different" characters but look the same, and because stringprep folds
them together, there is therefore "ambiguity" and security loopholes are
introduced.  (I still think it's the other way around; leaving them
separate is what would invite spoofing.)  Because of this line of
argument, some of us have stated that U+00C5 and U+212B aren't
completely different because of canonical equivalence.  But of course
they're not completely the same, either.  This might be sort of a
"dancing angels" debate that generates no light, but perhaps a lot of
heat.

In any case, hasn't the broad question of canonical folding been settled
for a long time now?  I'm really starting to sympathize with Georg
Ochsner, who asked when on earth this project would finally be
completed.  I have heard very few new arguments in the past six months,
but a great deal of rehashing of old issues (like this one) that I
thought had already been resolved.  Georg is right -- at this rate,
nobody will stick around to wait for the IETF solution, but will go with
whatever Verisign slaps together (probably with a lot less consensus
building that this WG) and that will become the de-facto standard.  Do
we want that?

-Doug Ewell
 Fullerton, California

References:
- Re: [idn] Re: IDNA: is the specification proper, adequate, and complete?
  - From: Dan Oscarsson <Dan.Oscarsson@trab.se>
- Re: [idn] Re: IDNA: is the specification proper, adequate, andcomplete?
  - From: Paul Hoffman / IMC <phoffman@imc.org>

Prev by Date: Re: [idn] Re: IDNA: is the specification proper, adequate, andcomplete?
Next by Date: Re: [idn] Re: IDNA: is the specification proper,adequate, and complete?
Previous by thread: Re: [idn] Re: IDNA: is the specification proper, adequate, andcomplete?
Next by thread: Re: [idn] Re: IDNA: is the specification proper, adequate, and complete?
Index(es):
- Date
- Thread