Eszett (was Implementation questions)
Erik van der Poel
erikv at google.com
Wed Dec 24 02:49:50 CET 2008
On Tue, Dec 23, 2008 at 5:14 PM, Shawn Steele
<Shawn.Steele at microsoft.com> wrote:
> Mark said:
>> I am far from as sanguine as you are about this change. If we could pull a
>> magic switch that converted everyone (registries and all lookup programs)
>> from 2003 to 2008 at once, these 4 characters wouldn't be a problem. Sadly,
>> we are going to have a mixture for the indefinite future, and having an IRI
>> go to two different locations depending on the particular program -- or
>> version or program -- in use: that is a very significant interoperability
>> and security problem.
>
> I don't think that any realistic solution can require servicing existing machines.
> For whatever reasons, people don't apply patches or whatever, and some will
> NEVER be updated, let alone at nearly the same time. (I think I'm agreeing
> with what you said :)
By the way, under my proposal, IRIs don't go to two different
locations, so there is no security problem. If anyone thinks there is,
please give a realistic scenario showing how it can be exploited.
(Then I can embellish the proposal to warn against that.)
Erik
More information about the Idna-update
mailing list