RE: spoofing and IRIs

Hi Larry,
At 22:25 27-02-10, Larry Masinter wrote:
>Going through the Security considerations
>of draft-ietf-idnabis-defs-13 vs. the current
>"Security Considerations" of the current IRI document
>
>here's looking at
>http://tools.ietf.org/html/draft-ietf-idnabis-defs
>section 4:
>
>
>4.1 general: The mapping difference should be referenced
>   in the IRI document security considerations?
>   Not recapitulated?

Yes.

>* Do we need to review IDNA2008-Bidi against the
>   BIDI advice in the IRI document?
>   (I talked with Martin about possibly moving the
>    BIDI discussions to a separate document, mainly
>   to facilitate letting other editors work on the
>   BIDI sections)?

I suggest expert review by a native speaker in addition to reviewing 
draft-ietf-idnabis-bidi-07.

>4.2 U-label lengths
>   Are there any additional concerns about URI length
>   limits that should be addressed here? Are there
>   IRI length limits that are different than the URI
>   length limit?

I haven't looked into this in the context of IRI.

>4.3 Local Character Set: I think for IRIs there are
>   related issues with the document character set?
>   Are there special issues for the query parameters
>   being remapped according to the document encoding?

I'll give the same answer as above.

>4.4 (this is the 'spoofing' issue) Do you like what
>   idnabis-defs says better than what I wrote below?
>   I kind of wanted to punt the whole thing to
>   UTR36.

Section 4.4 refers to visually similar characters (sometimes called
"confusables").  Your text talks about presentation whether visually
or read out loud.  Both texts note that there may not be a technical
solution to the problem.  Your text conveys the idea that this is a
difficult problem to solve.  I have a preference for the text in
Section 4.4 because of its second paragraph.  I would put in
a pointer to UTR36 as that document is more elaborate.

Regards,
-sm 

Received on Sunday, 28 February 2010 09:52:52 UTC