FYI, punctuation were also debated extensively back then so it isn't really 'Oh, we just discover this!'.
It's just interesting to see people putting it into action. Does apps needs to be fixed? Yes, absolutely. App developers needs to go read the security consideration of rfc3490 and think about how to implement some solution to reduce the spoofing risk.
but does it warrant changing the existing rfc? I dunno..I havent seen anything that suggest we missed something back then.
That's a pretty cavalier attitude for someone who used to be co-chair of an IETF Working Group.
http://ietf.org/html.charters/OLD/idn-charter.html
Maybe I should write an Informational RFC titled "IDN Considered Harmful". Would that catch your attention?
Erik
PS Re: RFC 3490 Security Considerations, please tell me exactly where punctuation is specifically mentioned.
