On Sun, Sep 17, 2017, at 15:41, Peter Saint-Andre wrote: > Why would an application need to care about this? This is an internal > implementation detail of a PRECIS library/API, and IMHO it would be > irresponsible of the library/API author to offer an option for > application developers to select how many times to apply the rules.
That's fair, but in that case this specific profile is a special case that takes a massive performance penalty even when it doesn't need too (if the library author did this at all). My point is that we can't count on this, and there are still opinions and if's in that statement. We should be trying to make this as secure as possible at the spec level; regardless of what we feel might be more important, if it's easier to not do this, or it incurs a big performance penalty to do it some library authors probably won't. > Sam, I am going to reiterate that we are EXTREMELY close to publication > of this document - it could have happened on, say, Thursday morning > right before you posted to the list about this. Please please please > either propose very specific text or point to an earlier email message > where you did so, because personally I have forgotten if you already did > that and my recollection from the previous discussion was that you did > not raise objections to the compromise text that Bill Fisher and I > agreed on. If your proposal is that we make significant changes to the > document at this time, then the Working Group chair or Area Director > will likely have to suggest a path forward, because your feedback is > coming so very late in the process. I don't have a specific solution; I understand that this would require reworking the Nickname profile to not use NFKD which is a huge change, and that's unfortunate, but I still do not beleive it's appropriate to publish this document in its current form. I voiced this opinion early on, and the compormise change did nothing to address it, so I did not voice it again at that time, maybe I should hvae. I am voicing the feedback again now because I think the spotify article is better evidence that this is a real problem than I had before. —Sam _______________________________________________ precis mailing list [email protected] https://www.ietf.org/mailman/listinfo/precis
