Consensus Call Tranche 8 Results

Simon Josefsson simon at josefsson.org
Wed Nov 5 10:26:47 CET 2008


"YAO Jiankang" <yaojk at cnnic.cn> writes:

>>> It is still premature to add eszett and final sigma until we have some
>>> accompanying text that addresses the security exploit.
>>> The two possibilities I could think of are:
>>>
>>>    1. Change the prefix for xn--
>> 
>> That would work, but it is costly.  It is good to keep this option in
>> the discussion, as a sanity test of the cost-benefits of other options.
>> I claim that any solution that is more expensive to implement and deploy
>> than changing the xn-- prefix should be disqualified.  Of course, the
>> difficult part is to assess costs.
>> 
>
> agree, changing the prefix is too costly to work.

I didn't say that.

Changing the prefix is technically simple but costly from a deployment
point of view.  Without knowing the cost of the other options, you
cannot know whether those other options cost more or less than changing
the prefix.  To measure the cost of the other solutions, you need an
analysis.  We haven't seen any analysis in this context.

If there is no compelling analysis to support another approach, I would
actually support changing the prefix.  There are some advantages in
changing the prefix: it becomes clear which version of the IDNA
specifications were used by the encoder.  That information is lost when
the same prefix is used by both IDNA2003 and IDNA2008.

/Simon


More information about the Idna-update mailing list