IDN processing-related security considerations for draft-ietf-websec-strict-transport-sec
stpeter at stpeter.im
Fri Sep 30 21:18:31 CEST 2011
On 9/30/11 1:12 PM, Andrew Sullivan wrote:
> On Fri, Sep 30, 2011 at 12:58:56PM -0600, Peter Saint-Andre wrote:
>> Because it seems that most or all of the browsers implement IDNA2003 but
>> have no plans to migrate to IDNA2008.
> Really? Or is this rather "plan to implement IDNA2008 + UTS46"? The
> latter is a mapping that breaks some features of IDNA2008, but doesn't
> break everything.
> AFAICT, ICANN's current IDN TLD plans, as well as the IDN
> Implementation Guidelines currently out for public comment, depend on
> IDNA2008. If no browser is actually going to implement IDNA2008, then
> we have a serious mismatch between the publishing side and the
> consuming side, and perhaps policy needs to be re-examined.
Perhaps so. Adam Barth can provide more accurate insights than I can
regarding the state and future of the browsers in this regard.
More information about the Idna-update