On 7/5/17 4:41 PM, Peter Saint-Andre wrote: > On 7/5/17 4:13 PM, Adam Roach wrote: >> Adam Roach has entered the following ballot position for >> draft-ietf-precis-7700bis-08: Yes >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut this >> introductory paragraph, however.) >> >> >> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >> for more information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> https://datatracker.ietf.org/doc/draft-ietf-precis-7700bis/ >> >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> I like the clear explanation of some of the design choices in here (e.g., the >> rationale for using NFKC). >> >> There are two places that I think a slight bit of additional text might be >> useful: >> >> 1. When talking about processing "each string" in section 2.4, it's probably >> worth noting that implementations should be careful not to assume that any >> information received from a wire protocol has necessarily had any of the >> rules >> in this document applied to it (as this might allow intentionally >> noncompliant >> clients to slip certain kinds of shenanigans past their checks); and > > draft-ietf-precis-7564bis contains the following sentence: > > When an application applies a profile of a PRECIS string class, it > transforms an input string (which might or might not be conforming) > into an output string that definitively conforms to the profile. > > It strikes me that something similar would be useful here, especially > the concepts of "input string" and "output string".
I'd like to propose that we add the following text at the end of Section 2.3 on Enforcement: The result of the foregoing operations is an output string that conforms to the Nickname profile. Until an application produces such an output string, it MUST NOT treat the string as conforming (in particular, it MUST NOT assume that an input string is conforming before the enforcement operation has been completed). And the following text at the end of Section 2.4 on Comparison: Until an application determines whether two strings are to be considered equivalent, it MUST NOT treat them as equivalent (in particular, it MUST NOT assume that an input string conforms to the rules before the comparison operation has been completed). Would that address the concern? (I'd add similar text in 7613bis.) >> 2. Where the final paragraph of section 4 indicates that the operations in >> this >> document are not necessarily idempotent, it is probably worth being more >> explicit that they should be applied repeatedly until the output string is >> stable; or, if the string does not stabilize after a reasonable number of >> iterations (is this possible?), that it should be rejected as invalid. > > Thanks for the suggestion; although we might think that's implicit in > the notion of non-idempotence, it's much better to make the > ramifications and handling explicit. I'll add this text in the post-IESG > version. Does the following text address the concern? Implementation experience has shown that applying the rules for the Nickname profile is not an idempotent procedure for all code points. Therefore, an implementation SHOULD apply the rules repeatedly until the output string is stable; if the output string does not stabilize within a reasonable number of iterations, the implementation SHOULD terminate application of the rules and reject the input string as invalid. Peter _______________________________________________ precis mailing list [email protected] https://www.ietf.org/mailman/listinfo/precis
