Open issues
Mark Davis
mark at macchiato.com
Thu Jan 22 03:10:09 CET 2009
Here is the doc that I'd put together on remaining issues:
http://www.macchiato.com/unicode/idna/open-issues
(This message doesn't imply that Vint is in agreement any particular issues,
just that it is available for discussion. Both this and the label
categorization were from a little while back, before Paul's message, but I
hadn't had a chance to put them out.)
A copy below.
====
Open Issues
------------------------------
There appear to be a relatively small number of issues still remaining in
IDNA2008. Here's my shot at identifying them. They are stated as "consensus
requests", but need more discussion before we'd put them out as such.
------------------------------
Security Considerations Should we:
1. document how the compatibility problems between 2003 and 2008 can
cause security problems (See
http://docs.google.com/Doc?id=dfqr8rd5_361dwv9cff8 )
2. document the security issues that can arise in BIDI where Label
Uniqueness and Character Grouping are not maintained. (These goals cannot be
guaranteed because of intra-label issues and variance among bidi
implementations).
Local Mapping Should we:
Strongly discourage any local mapping except for a generic mapping aimed at
providing compability with 2003, to prevent interoperability and security
problems. Encourage use of the generic compatibility mapping to provide for
a smooth transition.
Justify unsupported statements in Rationale Should we fix currently
unsupported statements that:
1. imply that changes from DISALLOWED to PVALID are harmful. (Rationale)
2. say that "characters are permanently excluded". (Rationale)
1. As per John Klensin: *"People have complained about statements that
appear to predict what the IETF will do in the future or to commit it to
future actions and those statements have been removed or
corrected as they
have been identified."*
3. say that allowing UNASSIGNED in lookup is *"(something that is now
recognized as a considerable source of risk)"*. (Defs)
4. say *"because they are actively dangerous in URI, IRI, or similar
contexts"*.
For example, for #5, if it is because of visual confusability with URI/IRI
syntax characters, then we should say so and give the paradigm example
(FRACTION SLASH). *This does not request a change in the protocol, but just
an avoidance of unsubstantiated claims.*
Lookup A-Label requirements Should we require (or recommend) that:
A-Labels be checked for validity when doing lookups?
Valid Label Stability Should we document that the intent is for valid
labels to be stable, that is:
Once a label is valid, it remains valid under any future version of IDNA,
including changes in the registry (CONTEXT). In particular:
1. A character cannot move from PVALID to CONTEXT, or from CONTEXT to
DISALLOWED, or (importantly) have CONTEXT rules changed in a way that would
invalidate labels.
2. Labels can move from invalid to valid. This will happen with each new
version of Unicode, for example, as DISALLOWED characters move to PVALID. It
will also happen if CONTEXT rules become more liberal for a given
characters. Only in extremis will it happen that DISALLOWED characters move
to either CONTEXT or PVALID.
Invalid Label Stability Should we document that:
Invalid labels are clearly not stable, in that an invalid label may become
valid in later versions of IDNA, or because of IANA registry updates:
1. Normally this will be because UNASSIGNED characters become ALLOWED, or
because CONTEXT rules are broadened.
2. In rare cases, this will be because the IETF adds characters to the
Exception list that were formerly DISALLOWED.
------------------------------
Open Issues The following are remaining open issues, that need more work
before even a consensus can be reached.
Context Rules The Context Rules are in very, very rough shape, and will
require considerable work before they can be finalized.
Bidi
1. Whether to allow Arabic-Indic and Extended Arabic-Indic digits in the
same label?
2. Examining implementations to see whether or not the rules should be
tightened based on existing practice as well as the spec.
Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.alvestrand.no/pipermail/idna-update/attachments/20090121/36ecffac/attachment.htm
More information about the Idna-update
mailing list