On 5/4/12 2:47 AM, Alexey Melnikov wrote: > On 3 May 2012, at 20:40, Peter Saint-Andre <stpe...@stpeter.im> wrote: > >> On 5/2/12 1:45 PM, =JeffH wrote: >> >>>> 13. Internationalized Domain Names for Applications (IDNA): Dependency >>>> and Migration >>>> >>>> IDNA2008 obsoletes IDNA2003, but there are differences between the >>>> two specifications, and thus there can be differences in processing >>>> (e.g., converting) domain name labels that have been registered under >>>> one from those registered under the other. There will be a >>>> transition period of some time during which IDNA2003-based domain >>>> name labels will exist in the wild. User agents SHOULD implement >>>> IDNA2008 [RFC5890] and MAY implement [RFC5895] (see also Section 7 of >>>> [RFC5894]) or [UTS46] in order to facilitate their IDNA transition. >>>> >>>> I might be kicking a dead horse here, but MAY sounds a bit weak. >>>> I especially dislike having the choice between 2 incompatible specs, >>>> I think this might cause some interop problems. >>> >>> As far as I can tell, having had fairly extensive discussions with IDNA >>> folk both privately and on various lists such as idna-update@, the above >>> relects the the unfortunate state of the world at this time. For >>> instance, Pete Resnick signed off on the language in the spec in this >>> message to websec@... >>> >>> Re: [websec] wrt IDN processing-related security considerations for >>> draft-ietf-websec-strict-transport-sec >>> https://www.ietf.org/mail-archive/web/websec/current/msg01015.html >>> >>> we should probably fork off any further discussion on this topic to that >>> thread. >> >> Unfortunately, I think the text that Jeff produced is about the best >> we're going to do > > We are setting ourselves up for some interop problems. We should bite the > bullet and through RFC 5894 or UTS 46 out.
Jeff's point is that we already have interop problems but we need to be realistic about the state of the browsers. From reports we've received, some of them will be stuck on IDNA2003 for a long time... Peter -- Peter Saint-Andre https://stpeter.im/ _______________________________________________ websec mailing list websec@ietf.org https://www.ietf.org/mailman/listinfo/websec
