SASLprep200x
Erik van der Poel
erikv at google.com
Thu Jan 11 06:17:04 CET 2007
On 1/10/07, Martin Duerst <duerst at it.aoyama.ac.jp> wrote:
> At 01:55 07/01/11, Erik van der Poel wrote:
>
> >There is at least one hitch. How can a user agent >implementor/implementation know which registrar a registrant used for
> >a particular label in the registry?
>
> I'm not seeing how this is relevant. Can you explain? Why would
> a user agent want or need to know this? Why would a user agent
> even need to know which registry made the registration, or
> what exactly the characters are that it allows? If a character
> isn't allowed, it will simply not get resolved, so there is
> no spoofing/phishing issue.
I was only responding to Patrik's mention of the registrARS, which he
may only have included in order to get 7 layers, rather than 6. :-)
Indeed, most user agents probably don't need to know which characters
are allowed by the registry. There may be a few people who would like
to check whether a registry is enforcing the rules that is has
published, but there may not be very many user agents that offer such
checking to end-users.
> >Another issue is the one I pointed out earlier: for true end-to-end >interoperability (from human registrant to human user), the user agent
> >set must not be a subset of the registry set. (They must be the same
> >set.)
>
> No, it is okay if the user agent set is a superset of the registry
> set.
Yes, I realized this right after I sent that email. It is OK if the
user agent set is a superset of the registry set, as long as dangerous
characters like the slash look-alikes are not included.
Thanks,
Erik
More information about the Idna-update
mailing list