IDN processing-related security considerations for draft-ietf-websec-strict-transport-sec

Peter Saint-Andre stpeter at
Fri Sep 30 21:18:31 CEST 2011

On 9/30/11 1:12 PM, Andrew Sullivan wrote:
> On Fri, Sep 30, 2011 at 12:58:56PM -0600, Peter Saint-Andre wrote:
>> Because it seems that most or all of the browsers implement IDNA2003 but
>> have no plans to migrate to IDNA2008.
> Really?  Or is this rather "plan to implement IDNA2008 + UTS46"?  The
> latter is a mapping that breaks some features of IDNA2008, but doesn't
> break everything.
> AFAICT, ICANN's current IDN TLD plans, as well as the IDN
> Implementation Guidelines currently out for public comment, depend on
> IDNA2008.  If no browser is actually going to implement IDNA2008, then
> we have a serious mismatch between the publishing side and the
> consuming side, and perhaps policy needs to be re-examined.

Perhaps so. Adam Barth can provide more accurate insights than I can
regarding the state and future of the browsers in this regard.


Peter Saint-Andre

More information about the Idna-update mailing list