Return-Path: <ltru-bounces@lists.ietf.org>
Received: from murder ([unix socket])
	 by eikenes.alvestrand.no (Cyrus v2.2.8-Mandrake-RPM-2.2.8-4.2.101mdk) with LMTPA;
	 Tue, 24 May 2005 04:20:26 +0200
X-Sieve: CMU Sieve 2.2
Received: from localhost (localhost.localdomain [127.0.0.1])
	by eikenes.alvestrand.no (Postfix) with ESMTP id 56AB361B54
	for <harald@alvestrand.no>; Tue, 24 May 2005 04:20:26 +0200 (CEST)
Received: from eikenes.alvestrand.no ([127.0.0.1])
 by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 01062-08 for <harald@alvestrand.no>;
 Tue, 24 May 2005 04:20:20 +0200 (CEST)
X-Greylist: domain auto-whitelisted by SQLgrey-1.4.8
Received: from megatron.ietf.org (megatron.ietf.org [132.151.6.71])
	by eikenes.alvestrand.no (Postfix) with ESMTP id 78D2B61AF1
	for <harald@alvestrand.no>; Tue, 24 May 2005 04:20:19 +0200 (CEST)
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32)
	id 1DaP0R-0006Ol-R6; Mon, 23 May 2005 22:18:55 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.32) id 1DaP0R-0006Og-0I
	for ltru@megatron.ietf.org; Mon, 23 May 2005 22:18:55 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1])
	by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA24033
	for <ltru@ietf.org>; Mon, 23 May 2005 22:18:53 -0400 (EDT)
Received: from montage.altserver.com ([63.247.74.122])
	by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DaPIP-0006D6-Jj
	for ltru@ietf.org; Mon, 23 May 2005 22:37:37 -0400
Received: from [82.241.91.24] (helo=jfc.afrac.org)
	by montage.altserver.com with esmtpa (Exim 4.44)
	id 1DaP0H-0007Cd-6R; Mon, 23 May 2005 19:18:45 -0700
Message-Id: <6.2.1.2.2.20050524032333.04472ca0@mail.jefsey.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.1.2
Date: Tue, 24 May 2005 04:13:20 +0200
To: "Addison Phillips" <addison.phillips@quest.com>
From: "JFC (Jefsey) Morfin" <jefsey@jefsey.com>
Subject: RE: [Ltru] [psg.com #967] address homograph issues
	insecurityconsiderations
In-Reply-To: <634978A7DF025A40BFEF33EB191E13BC0B7F3930@irvmbxw01.quest.c
 om>
References: <634978A7DF025A40BFEF33EB191E13BC0B7F3930@irvmbxw01.quest.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-AntiAbuse: This header was added to track abuse,
	please include it with any abuse report
X-AntiAbuse: Primary Hostname - montage.altserver.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jefsey.com
X-Scan-Signature: 6ffdee8af20de249c24731d8414917d3
Cc: ltru@ietf.org
X-BeenThere: ltru@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Language Tag Registry Update working group discussion list
	<ltru.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ltru>,
	<mailto:ltru-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/ltru>
List-Post: <mailto:ltru@lists.ietf.org>
List-Help: <mailto:ltru-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ltru>,
	<mailto:ltru-request@lists.ietf.org?subject=subscribe>
Sender: ltru-bounces@lists.ietf.org
Errors-To: ltru-bounces@lists.ietf.org
X-Virus-Scanned: amavisd-new at alvestrand.no

Addison,
in case my vacations are finished a few points.

1. I introduced the homograph issue. You discussed it at length, so I hoped 
you would understand as you did for the dated entries... The homograph 
problem I rose is not about the registry but about the script/charset 
conflicts and/or script variations. Your system does not introduce/document 
any protection against homograph issues, while users would legitimately 
believe they are protected.

2. ditto about security and "nationality" disclosure. I do not want Randy 
to ban me again for defending Human Rights., so, I prepared and circulate a 
short declaration on lingual rights respect by standard makers. This kind 
of text needs to be reviewed by many for moral and ethical endorsement. It 
will propose it to  IETF as to everyone else. If IETF chooses to oppose it, 
your concept could continue. If IETF chooses to support it, it will 
probably call for a complete review. I told the problem enough ... I try to 
speed things. My target date is July 1st, Paris meeting with everyone 
there. I will obviously copy it to you as soon as I can.

3. My printer is down. I spent more than three dollars today to get your 
.02.txt version printed. Then I stared reviewing it. Now, you announce 
version 03.txt. I cannot follow: I will make a final review and publish it 
during the Last Call. Like Randy did: one mail per remark. Trying to reach 
consensus by exhaustion has also draught back. I only hope that 04.txt 
includes a global change and addresses the numerous remarks I made.

 From trying to make a summary today, just a suggestion.I disagree with the 
document and do not speak English, so I would be a poor contributor: I know 
you live with this text for one year; but you could try to think as a 
developer reading the current text for the first time. May be it could help 
your text to be easier to read and understand?
Cheers.
jfc



On 00:03 24/05/2005, Addison Phillips said:
>Note that confusables cannot appear in the registry: registry entries are 
>always lowercase excepting regions (uppercase) and scripts (titlecase). 
>Scripts and ISO 3166 codes are both alpha-only (no digits!!)
>
>Confusables can only affect language tags. These tags will not be 
>well-formed excepting the use of 0/o and 1/l in primary language tags and 
>variants.
>
>So then... would this text work (in possibilities for registration section??):
>
><t>Language tags are formed from ASCII letters and digits. Some of these 
>characters may be confused when displayed in certain fonts in certain user 
>interfaces. In well-formed tags (where all of the subtags are actually 
>valid), the only subtags that are affected are registered primary-language 
>subtags (those longer than four characters, none of which exist at the 
>time of adoption of this document) or variant subtags. The character pairs 
>normally considered confusable in these subtags are 0 vs. O (%x30 vs. 
>%x4F) and 1 and l (%x31 vs. %x6c). No subtags will be permitted for 
>registration that differ only by these character pairs. For example, if a 
>subtag 'example' (%x65.78.61.6d.70.6c.65) were registered as a variant, 
>the subtag 'examp1e' (%x65.78.61.6d.70.31.65) would not be valid for 
>registration. In addition, applications for registration that present 
>obviously confusable sequences (such as 'examp1e') will probably be 
>rejected.</t>
>
>Addison
>
>Addison P. Phillips
>Globalization Architect, Quest Software
>Chair, W3C Internationalization Core Working Group
>
>Internationalization is not a feature.
>It is an architecture.
>
> > -----Original Message-----
> > From: ltru-bounces@lists.ietf.org [mailto:ltru-bounces@lists.ietf.org] On
> > Behalf Of Peter Constable
> > Sent: 2005?5?23? 14:20
> > To: ltru@ietf.org
> > Subject: RE: [Ltru] [psg.com #967] address homograph issues
> > insecurityconsiderations
> >
> > > From: ltru-bounces@lists.ietf.org [mailto:ltru-bounces@lists.ietf.org]
> > On Behalf Of
> > > John Cowan
> >
> >
> > > As long as everything is cased consistently, there is no problem, but
> > if someone
> > > uses anomalous casing, these would become a problem under your
> > proposal.
> > > I propose therefore that only zero/oh, one/eye, and one/ell be treated
> > as
> > > confusables; these could arise only in variant subtags.
> >
> > As John notes, there isn't an issue for subtags from ISO source
> > standards when casing conventions are applied, though there certainly
> > could be when they are not -- e.g. "ia" and "la" in ISO 639-1 -- but we
> > don't want to prohibit such on the basis of failure to apply casing
> > conventions: a security-conscious app *should* apply the casing
> > conventions if displaying these tags in a UI.
> >
> > As John also notes, zero/Oh, one/Eye and one/el issues can arise for
> > variants, and we should ensure that they are prevented. They can also
> > arise for the registered-lang subtag, and that should also be prevented.
> >
> > The registered-lang subtags is also susceptible to the el / "Eye" issue
> > since there are no casing conventions for this subtag. I think we should
> > be adding prevention for that as well.
> >
> > Since extensions cannot be interpreted without reference to other RFCs,
> > I don't think we need to worry about homographs within extensions.
> >
> >
> >
> > Peter Constable
> >
> > _______________________________________________
> > Ltru mailing list
> > Ltru@lists.ietf.org
> > https://www1.ietf.org/mailman/listinfo/ltru
>
>
>_______________________________________________
>Ltru mailing list
>Ltru@lists.ietf.org
>https://www1.ietf.org/mailman/listinfo/ltru


_______________________________________________
Ltru mailing list
Ltru@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/ltru