[OPS-DIR] Review of draft-ietf-idnabis-protocol-16.txt

Margaret Wasserman mrw at sandstorm.net
Wed Oct 14 05:01:48 CEST 2009

Hi Vint,
> Use the Punycode decoding step to convert to U-label, if this fails,  
> it isn't valid Punycode

Would it make sense to say this in the idnabis-protocol spec?  I don't  
think it is necessary
to explain how to decode Punycode, but a statement that indicates that  
this is the method
that registries should use to detect "Fake A-Labels" would be good to  
include, IMO.

>> This document does not contain a material Security Considerations  
>> section, instead
>> referring to the Security Considerations sections of other  
>> documents.  However, it
>> doesn't appear to me that those Security Considerations sections  
>> completely cover the
>> security topics related to a registry that accepts IDNA  
>> registrations.  For instance,
>> should a registry consider rejecting registrations for domain names  
>> that contain
>> mutliple scripts?  Is there anything that registries need to do (or  
>> even can do)
>> to (help their customers) avoid the problems described in section  
>> 4.3 of idnabis-defs
>> draft?
> See Rationale for the best advice currently available.

The idnabis-protocol Security Considerations section does not cite the  
document.  Should it?  Is there a particular section that contains  
this advice?


More information about the Idna-update mailing list