At 09:56 AM 11/19/2001 -0600, Eric A. Hall wrote: >Dave Crocker wrote: > > The string that you so mistrust comes from the DNS. Hence the security > > question is whether strings from the DNS can be trusted. > >Only in some usage scenarios. For protocol and application data which >contains sequences that are decoded for display, this is not true, yet >those encodings must be validated
You are confusing an administrative issue with a protocol specification issue. >Unfortunately the scope of this work is such that it cannot be handled by >this WG. Excellent! Thank you for acknowledging that your concern is outside of the scope of this working group. > In short, the only way that this problem can be adequately >addressed is to reject transliteration for any data that is not lookup >oriented I recognize all of the words you used, but have no idea what you mean. >, and to defer tranliteration of protocol or application data >(include mail headers, URLs, everything that is NOT lookup oriented) to >the governing documents where they can be managed as appropriate to their >context. This working group is concerned with domain names, not mail headers or anything else. d/ ---------- Dave Crocker <mailto:[EMAIL PROTECTED]> Brandenburg InternetWorking <http://www.brandenburg.com> tel +1.408.246.8253; fax +1.408.273.6464
