On 7/5/17 3:41 PM, Adam Roach wrote: > Adam Roach has entered the following ballot position for > draft-ietf-precis-7564bis-08: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-precis-7564bis/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > Section 12.5 contains the following normative statement: > >> Furthermore, because most languages are typically >> represented by a single script or a small set of scripts, and >> because most scripts are typically contained in one or more >> blocks of code points, the software SHOULD warn the user when >> presenting a string that mixes code points from more than one >> script or block, or that uses code points outside the normal >> range of the user's preferred language(s). > > This guidance seems broadly unimplementable for any users whose native > language > uses a non-Latin script. Due in large part to the Internet's ASCII heritage, > and combined with the somewhat ubiquitous use of Latin characters for other > worldwide purposes (e.g., a quick perusal of Russian- and Chinese-language web > sites shows numerous examples of Latin representations for things like stock > ticker symbols and metric abbreviations), it seems that the normative > requirement to warn when "presenting a string that... uses code points outside > the normal range of the user's preferred language(s)" will *either* warn > non-Latin-character users almost constantly (if Latin is considered outside > the > range), or be broadly useless in preventing spoofing (if it is). > > I'm not clever enough to come up with a generalized solution for users of all > alphabets, so don't have a generic proposal here; but I think that the > guidance > does at least need to be properly scoped so that it bears only on warning > Latin > alphabet users of the presence of non-Latin characters, while acknowledging > that it is probably rather useless when used in the opposite direction. I > imagine that it still makes sense to warn non-Latin users of non-Latin > characters outside the codepoints used by their language (e.g., warning Greek > speakers of the presence of Cyrillic characters).
Good catch. Yes, we could add a carve-out for characters from the ASCII repertoire when the context is Internet applications that use such characters. (It's not *necessarily* the case that all applications using PRECIS are Internet applications or involve ASCII characters - e.g., perhaps an application deployed on a closed intranet within, say, the Chinese government could still use the PRECIS rules to handle input and output strings, without any ASCII characters ever shown to end users.) Peter _______________________________________________ precis mailing list [email protected] https://www.ietf.org/mailman/listinfo/precis
