gerv at mozilla.org
Thu Mar 13 16:13:10 CET 2008
JFC Morfin wrote:
>> Well, it's on the website. But if you mean it should be brought to the
>> attention of users, I strongly disagree.
> Users must know about the way their system works and its self defined
"Must" is a strong word. Do you think your average Windows user has this
knowledge with respect to Windows? Does that stop them using the system
>> Again, I entirely disagree. Insecure-by-default and
>> highly-configurable are two anti-goals for Firefox.
> This could be true if this was operations transparent. It is not. It is
> security by operational constraints.
So is e.g. disabling SSL2, or low strength ciphers.
> If you do not expressely document
> your default and do not help its eacy tuning, you de facto create a
> denial of services as far as non listed suffixes are concerned.
Absolutely. That's the intention. Suffixes which are registering domains
using a set of characters containing homographs, and yet don't have an
anti-homograph policy, are exposing their domain owners to risk of being
spoofed, and customers of their customers to a risk of being phished. We
want no part of that.
>>> 5) This does not seem to support IDNccTLD and the Fast T/Crack ICANN
>>> project ?
>> By IDNccTLD, do you mean ccTLDs using IDN? We support the test URLs in
>> Firefox 3 betas.
> I mean what the Internet community calls IDNccTLD, i.e. TLD including a
> "--" in 3rd and 4th position.
> ICANN test URLs do not include open-roots, private network TLDs, GSMA TLD.
You are going to have to stop hitting me with acronyms. GSMA? Great
Smoky Mountains Association?
We don't plan to support any IDNTLDs except for those officially
approved by ICANN and entered into the global DNS root.
> Your proposition is obviously very interesting. I only react to a
> disregard of the user authorirty you seem to accept. At this time you
> have roughly four main network conception :
> 1. decentralised IANA/ICANN centric based upon the DNS
> 2. decentralised IETF/RIR/DoD Network centric based upon addressing and
> netcentricity concepts
> 3. distributed ISOC user centric based upon usercentricity
> 4. distributed WSIS person centric emerging/explored along the
> distributed referential system lines.
> What you say seems to put you between 1 and 2, while I would expect an
> Open Source to be 4 accepting 3, or informing users how to deal with
> their default protection.
> Also, did you relate with the MINC about this.
JFC, I'm trying hard to respond to your comments, but I'm really having
trouble decoding your version of English mixed with jargon. This is not
to be rude, it's just a fact.
More information about the Idna-update