W3C home > Mailing lists > Public > public-iri@w3.org > February 2010

RE: spoofing and IRIs

From: SM <sm@resistor.net>
Date: Sun, 28 Feb 2010 01:51:57 -0800
Message-Id: <6.2.5.6.2.20100228004534.09d25028@resistor.net>
To: Larry Masinter <LMM@acm.org>
Cc: <public-iri@w3.org>
Hi Larry,
At 22:25 27-02-10, Larry Masinter wrote:
>Going through the Security considerations of
>of draft-ietf-idnabis-defs-13 vs. the current
>"Security Considerations" of the current IRI document
>
>here's looking at
>http://tools.ietf.org/html/draft-ietf-idnabis-defs
>section 4:
>
>
>4.1 general: The mapping difference should be referenced
>   in the IRI document security considerations?
>   Not recapitulated?

Yes.

>* Do we need to review IDNA2008-Bidi against the
>   BIDI advice in the IRI document?
>   (I talked with Martin about possibly moving the
>    BIDI discussions to a separate document,  mainly
>   to facilitate letting other editors work on the
>   BIDI sections)?

I suggest expert review by a native speaker in addition to reviewing 
draft-ietf-idnabis-bidi-07.

>4.2 U-label lengths
>   Are there any additional concerns about URI length
>   limits that should be addressed here? Are there
>   IRI length limits that are different than the URI
>   length limit?

I haven't looked into this in the context of IRI.

>4.3 Local Character Set: I think for IRIs there are
>   related issues with the document character set?
>   Are there special issues for the query parameters
>   being remapped according to the document encoding?

I'll give the same answer as above.

>4.4 (this is the 'spoofing' issue) Do you like what
>   idnabis-defs says better than what I wrote below?
>   I kind of wanted to punt the whole thing to
>   UTR36.

Section 4.4 refers to visual similar characters (sometimes called 
"confusables").  Your text talks about presentation whether visually 
or read out loud.  Both texts note that there may not be a technical 
solution to the problem.  Your text conveys the idea that this is a 
difficult problem to solve.  I have a preference for the text in 
Section 4.4 because of its second paragraph.  I would put in 
a  pointer to UTR36 as that document is more elaborate.

Regards,
-sm 
Received on Sunday, 28 February 2010 09:52:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:39:41 UTC