IDN processing-related security considerations for draft-ietf-websec-strict-transport-sec

Patrik Fältström patrik at
Fri Sep 30 21:24:37 CEST 2011

On 30 sep 2011, at 21:58, Peter Saint-Andre wrote:

> Because it seems that most or all of the browsers implement IDNA2003 but
> have no plans to migrate to IDNA2008.

Hmm....have they REALLY implemented IDNA2003, or are they "just" calling Simons libidn?

Or are they calling normalization functions that happens to be of the version of the unicode version that is installed on the operating system of their choice?

I would like to see some more data here.

But, regardless of that, when do you think it is time to start referencing an RFC that has replaced an earlier one? ;-)


More information about the Idna-update mailing list