[OPS-DIR] Review of draft-ietf-idnabis-protocol-16.txt
Margaret Wasserman
mrw at sandstorm.net
Wed Oct 14 05:01:48 CEST 2009
Hi Vint,
>
> Use the Punycode decoding step to convert to U-label, if this fails,
> it isn't valid Punycode
Would it make sense to say this in the idnabis-protocol spec? I don't
think it is necessary to explain how to decode Punycode, but a statement
that indicates that this is the method that registries should use to
detect "Fake A-Labels" would be good to include, IMO.
>>
>> This document does not contain a material Security Considerations
>> section, instead referring to the Security Considerations sections
>> of other documents. However, it doesn't appear to me that those
>> Security Considerations sections completely cover the security
>> topics related to a registry that accepts IDNA registrations. For
>> instance, should a registry consider rejecting registrations for
>> domain names that contain multiple scripts? Is there anything that
>> registries need to do (or even can do) to (help their customers)
>> avoid the problems described in section 4.3 of idnabis-defs draft?
>
> See Rationale for the best advice currently available.
The idnabis-protocol Security Considerations section does not cite the
Rationale document. Should it? Is there a particular section that
contains this advice?
Margaret
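
The registry-side check discussed in this message, as an added example (not part of the original e-mail or of the draft): try the Punycode decoding step on an `xn--` label and reject it as a fake A-label if decoding fails. The function names and sample labels are constructed, and the non-ASCII and round-trip checks are assumptions that go beyond what the message states; the other IDNA2008 validity rules are not covered.

```python
ACE_PREFIX = "xn--"

def decode_a_label(label):
    """Return the U-label for a well-formed A-label, or None for a fake one."""
    label = label.lower()
    if not label.startswith(ACE_PREFIX):
        return None
    try:
        payload = label[len(ACE_PREFIX):].encode("ascii")
        # The step named in the message: if Punycode decoding fails,
        # the label is not valid Punycode.
        u_label = payload.decode("punycode")
        # Assumptions added here (not stated in the message): the result must
        # contain a non-ASCII character and must re-encode to the same payload.
        if u_label.isascii() or u_label.encode("punycode") != payload:
            return None
    except ValueError:  # UnicodeError and its subclasses derive from ValueError
        return None
    return u_label

# Constructed sample labels, not taken from the thread.
SAMPLES = [
    "xn--mnchen-3ya",   # decodes to "münchen"
    "xn--mnchen-3y",    # truncated: decoding fails
    "xn--abc-",         # decodes, but to plain ASCII "abc"
    "xn---3ya",         # decodes, but does not re-encode to the same string
]

def screen(labels):
    """Map each label to its U-label, or None if it should be rejected."""
    return {label: decode_a_label(label) for label in labels}

if __name__ == "__main__":
    for label, u_label in screen(SAMPLES).items():
        print(f"{label!r}: {'reject' if u_label is None else u_label}")
```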