Security Considerations: bad split
Harald Tveit Alvestrand
harald at alvestrand.no
Sun Dec 7 19:12:27 CET 2008
Paul Hoffman skrev:
> At 9:03 AM +0100 12/7/08, Harald Tveit Alvestrand wrote:
>
>> Having re-read the security considerations on -bidi, I fail to see how
>> it's possible to comprehend these few paragraphs without just having
>> read -bidi.
>>
>
> Are you saying that someone who is implementing IDNA200x will not have read -bidi? I thought -bidi was required for the protocol.
>
I fully expect the overall registry designer to look at -bidi for 2
seconds, then throw it in the direction of the string-processing expert
and say "implement this". I expect him to pay much more careful
attention to -rationale.
>> In the case of -bidi, I see the drive for an unified security
>> considerations section as quixotic, harmful and nonsensical.
>>
>
> I can agree with the first and third, given that the document authors have bigger heels dug more firmly in the ground, but I do not see how a combined security considerations section could be "harmful".
>
>
I think that if the documents are harder to understand because of a text
change, that text change is harmful.
I don't think it's a big effect, but I have a definite opinion about its
sign bit.
Harald
More information about the Idna-update
mailing list