secdir review of draft-ietf-idnabis-rationale-13.txt
charliek at microsoft.com
Mon Oct 5 22:35:06 CEST 2009
I am reviewing this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Feel free to forward to any appropriate forum.
This I-D is part of a set of I-D's that update the RFCs on Internationalized Domain Names. This document is intended to become an Informational RFC and provides a rationale for the proposed changes (as well as for the initial design of IDNA). Its Security Considerations section defers to draft-ietf-idnabis-defs-11.txt, which has a good Security Considerations section.
In my opinion, the change to IDNs that warrants the most concern is the fact that for some IDNs the new set of RFCs will specify a different representation than the old one did. This could in theory cause security problems, though that seems intuitively unlikely (to me, at least).
I would question one statement in the document.
More information about the Idna-update