On 5/2/12 1:45 PM, =JeffH wrote: >> 13. Internationalized Domain Names for Applications (IDNA): Dependency >> and Migration >> >> IDNA2008 obsoletes IDNA2003, but there are differences between the >> two specifications, and thus there can be differences in processing >> (e.g., converting) domain name labels that have been registered under >> one from those registered under the other. There will be a >> transition period of some time during which IDNA2003-based domain >> name labels will exist in the wild. User agents SHOULD implement >> IDNA2008 [RFC5890] and MAY implement [RFC5895] (see also Section 7 of >> [RFC5894]) or [UTS46] in order to facilitate their IDNA transition. >> >> I might be kicking a dead horse here, but MAY sounds a bit weak. >> I especially dislike having the choice between 2 incompatible specs, >> I think this might cause some interop problems. > > As far as I can tell, having had fairly extensive discussions with IDNA > folk both privately and on various lists such as idna-update@, the above > relects the the unfortunate state of the world at this time. For > instance, Pete Resnick signed off on the language in the spec in this > message to websec@... > > Re: [websec] wrt IDN processing-related security considerations for > draft-ietf-websec-strict-transport-sec > https://www.ietf.org/mail-archive/web/websec/current/msg01015.html > > we should probably fork off any further discussion on this topic to that > thread.
Unfortunately, I think the text that Jeff produced is about the best we're going to do right now. Peter -- Peter Saint-Andre https://stpeter.im/ _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
