
Re: [idn] Re: stability



Martin v. Löwis wrote:
Erik van der Poel wrote:
If we do not correct the specs, more and more implementations will be created and deployed, some implementing it one way, the others the other way. It is hard to change something when a lot of implementations have been deployed. This is why we have to act now (or soon). We have to nip it in the bud.

Not sure what aspect you are referring to,

I was referring to the RFC that has a pointer to UAX #15, i.e. RFC 3454 (Stringprep). The pointer should be updated to tracking number 24 or higher. Since this issue is hard to understand, it might also be a good idea to add an explanation in the new versions of Stringprep and the IDNA family.


http://www.unicode.org/reports/tr15/tr15-24.html

however, I doubt that the
majority of the implementations cares too much about what the RFC says.
So whether the RFC is changed or not in a minor aspect has little
impact on reality.

There may be some organizations that ignore some or all of the changes we make to the RFCs, but others are paying attention, and I'm pretty sure they will follow at least some parts of the new RFCs. Mozilla and Opera have already indicated that they believe the punctuation mark and symbol problem is a big problem, and that they would/will address this problem whether or not the RFCs do.


In the specific case of normalization, I think most IDNA implementations
will rely on a normalization implementation created elsewhere - few
IDNA implementations will come with their own normalization routines.
This is because normalization is difficult to implement, so you rather
reuse than reinvent. Then, when the underlying normalization routine
is changed, the IDNA implementation also changes - most likely without
the author of the IDNA implementation (let alone its user) even knowing.
In that scenario, the implementor of IDNA has little control over what
specific incarnation of normalization is used.

This specific issue is already mentioned in RFC 3490 (IDNA) in the Security Considerations section. Of course, it is up to the implementors whether they will adhere to the letter of the specs, but the IETF tries to achieve a "rough consensus" among the parties discussing the matter, and the authors try to write clear specs that foster interoperability.


Erik
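The dependency described in this message, where an IDNA implementation inherits whatever normalization tables its library ships, can be checked for directly. The following is an added example, not code from this thread or from any IDNA implementation. It assumes CPython, whose `unicodedata` module exposes both the runtime's current tables and a frozen Unicode 3.2 copy (`ucd_3_2_0`, the version RFC 3454 is defined against). The sample labels are constructed, and the drift they show comes from a code point that was unassigned in Unicode 3.2.

```python
import unicodedata
from unicodedata import ucd_3_2_0  # frozen Unicode 3.2 tables shipped with CPython


def nfkc_views(label):
    """Return (pinned, runtime) NFKC forms of a label.

    pinned  = NFKC using the Unicode 3.2 tables Stringprep was written for
    runtime = NFKC using whatever Unicode version this interpreter ships
    """
    return (ucd_3_2_0.normalize("NFKC", label),
            unicodedata.normalize("NFKC", label))


def drift_report(labels):
    """List labels whose normalized form depends on which tables are used."""
    report = []
    for label in labels:
        pinned, runtime = nfkc_views(label)
        if pinned == runtime:
            continue
        # Code points unassigned in Unicode 3.2 are the usual cause of drift.
        unassigned = [f"U+{ord(c):04X}" for c in label
                      if ucd_3_2_0.category(c) == "Cn"]
        report.append({"label": label, "pinned": pinned,
                       "runtime": runtime, "unassigned_in_3_2": unassigned})
    return report


# Constructed sample labels (not taken from the thread).
SAMPLES = [
    "example",       # ASCII: identical under both tables
    "b\u00fccher",   # U+00FC: already NFKC in both
    "\uff45xample",  # fullwidth 'e', assigned long before 3.2: folds the same way
    "ex\u1d2cmple",  # U+1D2C MODIFIER LETTER CAPITAL A, added after 3.2
]

if __name__ == "__main__":
    print("pinned tables :", ucd_3_2_0.unidata_version)
    print("runtime tables:", unicodedata.unidata_version)
    for row in drift_report(SAMPLES):
        print(f"{row['label']!r}: pinned={row['pinned']!r} "
              f"runtime={row['runtime']!r} {row['unassigned_in_3_2']}")
```

An implementation that calls the runtime normalizer instead of the pinned one maps the last label to a different string, which is the silent change the message describes.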