Erik van der Poel <[EMAIL PROTECTED]> wrote:
> The IETF generally only specifies the "wire" protocol, not UI
> behavior. The IETF does not specify how apps interface with users;
Generally, that's true, but IDNA is an exception. It state four
requirements (RFC 3490 section 3.1), and one of those four has rather
little to do with wire protocols, and quite a lot to do with UI
behavior:
3) ACE labels obtained from domain name slots SHOULD be hidden from
users when it is known that the environment can handle the non-ACE
form, except when the ACE form is explicitly requested. When it
is not known whether or not the environment can handle the non-ACE
form, the application MAY use the non-ACE form (which might fail,
such as by not being displayed properly), or it MAY use the ACE
form (which will look unintelligible to the user).
I think this discussion is headed toward an update to IDNA that would
add a second exception to that requirement, for protecting the user
against phishing. What we need to figure out is how to describe that
exception, and how specific or deliberately vague that description
should be.
AMC
