On Wednesday, June 4, 2014 9:03:02 PM CEST, Matthias Andree wrote:
Is Microsoft going to implement it?

Microsoft has implemented it. They asked for interoperation testing earlier this week.

IBM's Lotus Domino/Notes suites on the client end?

No idea.

Except that IBM has offices in Beijing and sells to the Chinese government, and the Chinese government really likes EAI.

  + Unicode normalization forms, are these handled consistently?
    <http://www.unicode.org/reports/tr15/>
    I searched the patch for the word fragment "normal", no hits.
    I find that worrisome.

That's in ICU, which the patch calls.

  + Characters that are different but use similar-looking glyphs,
    (homoglyphs), for instance, between Greek/Cyrillic/Latin scripts.
    Latin A, Cyrillic A, Greek A are three code points for an
    indistinguishable character. A А Α <- in what order are these?
    Hint:
    0000000: 4120 d090 20ce 910a                      A .. ...
    or U+0041 U+0020 U+0410 U+0020 U+0391

    Is there a consistent policy for treating them that does not open up
    loop- and ratholes and pitfalls and barndoors and all other sorts of
    unfortunate openings for unaware/malicious parties?

That is, blessedly, not a problem for Postfix. It's mostly a TLD registry issue. Each registry has rules, mostly similar but far from identical.

  + How does the patch make Postfix deal with table lookups for tables
    that don't go through postmap and cannot be normalized?

No changes done. Some are needed, yes.

I don't want to create artificial adoption obstacles here, but I think
there is some room for nasty surprises, and that space needs exploration
and solutions. That's not just security discussion, but also
reliability.

(Perhaps Unicode requires - or I missed - homoglyph tables, and case
mapping tables...)

ICU contains the tables required. (Before you ask, I don't know how ı/I/i/İ is handled. I'm curious myself.)

I'm somewhat unhappy that the patch links ICU into more postfix executables than the one that really needs it.

I think Wietse's expectation on how not to change established behaviour
of release versions is clear, and I've always known I can rely on
Postfix's compatibility.  (Not to say that Postfix's compatibility is
exemplary, as in "good example", but I digress.)

Wietse is right. It makes me sad, but he is right.

Arnt
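
Added example, not part of the original message and not Postfix or ICU code: a Python sketch using the standard library's unicodedata module (not ICU) that checks the three points raised in the thread. It shows that no normalization form merges the look-alike capitals, that a table key stored in one form misses an address sent in another, and what default case folding does to ı/I/i/İ. The names lookup_key and lookup, the sample table and the addresses are constructed for illustration.

```python
import unicodedata

# The three look-alike capitals quoted in the message: U+0041, U+0410, U+0391.
LOOKALIKES = ["\u0041", "\u0410", "\u0391"]
FORMS = ("NFC", "NFD", "NFKC", "NFKD")

def script_of(ch):
    """Coarse script guess from the character name (the stdlib exposes no
    Script property); enough to tell Latin, Cyrillic and Greek apart."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"

def survives_normalization(chars):
    """True if every normalization form keeps all of `chars` distinct,
    i.e. normalization does nothing to merge homoglyphs."""
    return all(
        len({unicodedata.normalize(f, c) for c in chars}) == len(chars)
        for f in FORMS
    )

def lookup_key(s):
    """Hypothetical lookup key: NFC, then default (locale-free) case folding."""
    return unicodedata.normalize("NFC", s).casefold()

def scripts_in(label):
    """Scripts used by the letters of a label; more than one entry is a
    mixed-script label that a registry or a filter may want to flag."""
    return sorted({script_of(c) for c in label if c.isalpha()})

def lookup(table, address, normalize):
    """Look up `address` in a dict standing in for a lookup table."""
    return table.get(lookup_key(address) if normalize else address)

# Constructed sample table: the key was stored with precomposed U+00E9.
TABLE = {"andr\u00e9@example.org": "mailbox-1"}
DECOMPOSED = "andre\u0301@example.org"  # same text, 'e' + combining acute

if __name__ == "__main__":
    print("homoglyphs stay distinct:", survives_normalization(LOOKALIKES))
    print("raw lookup:", lookup(TABLE, DECOMPOSED, normalize=False))
    print("NFC lookup:", lookup(TABLE, DECOMPOSED, normalize=True))
    print("i-family keys:", [lookup_key(c) for c in "\u0131Ii\u0130"])
    print("scripts:", scripts_in("ex\u0430mple"))
```

The normalized lookup only matches because the stored key is already in NFC and lower case; a table whose keys were never normalized needs the same treatment on the stored side.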
