IDN processing-related security considerations for draft-ietf-websec-strict-transport-sec

Adam Barth ietf at
Fri Sep 30 21:30:56 CEST 2011

On Fri, Sep 30, 2011 at 12:18 PM, Peter Saint-Andre <stpeter at> wrote:
> On 9/30/11 1:12 PM, Andrew Sullivan wrote:
>> On Fri, Sep 30, 2011 at 12:58:56PM -0600, Peter Saint-Andre wrote:
>>> Because it seems that most or all of the browsers implement IDNA2003 but
>>> have no plans to migrate to IDNA2008.
>> Really?  Or is this rather "plan to implement IDNA2008 + UTS46"?  The
>> latter is a mapping that breaks some features of IDNA2008, but doesn't
>> break everything.
>> AFAICT, ICANN's current IDN TLD plans, as well as the IDN
>> Implementation Guidelines currently out for public comment, depend on
>> IDNA2008.  If no browser is actually going to implement IDNA2008, then
>> we have a serious mismatch between the publishing side and the
>> consuming side, and perhaps policy needs to be re-examined.
> Perhaps so. Adam Barth can provide more accurate insights than I can
> regarding the state and future of the browsers in this regard.

I don't know of any plans on the part of browser vendors to change
IDNA algorithms.  My understanding is that the constraints browser
vendors face were not taking into account when defining IDNA2008.

More concretely, I can tell you that Chrome plans to continue to
implement IDNA2003 for the foreseeable future.


More information about the Idna-update mailing list