Yes, but the security impact of such confusion is very small: you get a match or not on some requested content. Or you get the wrong content. But language tags are not addresses. Addresses present a security risk. Asking for de-L996 is a security risk how?

Addison

Addison P. Phillips
Globalization Architect, Quest Software
Chair, W3C Internationalization Core Working Group

Internationalization is not a feature.
It is an architecture.

> -----Original Message-----
> From: ltru-bounces at lists.ietf.org [mailto:ltru-bounces at lists.ietf.org] On Behalf Of Peter Constable
> Sent: May 12, 2005 8:46
> To: LTRU Working Group
> Subject: RE: [Ltru] [psg.com #967] address homograph issues in security considerations
>
> > From: ltru-bounces at lists.ietf.org [mailto:ltru-bounces at lists.ietf.org] On Behalf Of Addison Phillips
> >
> > Close to rejecting it? It's utterly confused. Langtags have nothing to do with IDN (which uses xn-- for something special) and there are no homographs in the ASCII range allowed for language tags (unless you count L vs. 1 and o vs. 0). But these are restricted in use (nearly all the defined tags use alpha codes) and would have no measurable security impact.
>
> Quite so. To compare with the security issues of IDN is more than a stretch.
>
> On the other hand, can we be certain that someone someday might not find a way to turn a confusion between e.g. 1996 and l996 in some future client protocol?
>
> I'm not saying I'm convinced it's something we need to do. Just raising possibilities.
>
> Peter Constable
>
> _______________________________________________
> Ltru mailing list
> Ltru at lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/ltru
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
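
Added example, not part of the original messages or of the working group's text: a check that flags a subtag such as `L996` when it differs from a registered subtag only by the look-alike pairs named in the thread (L vs. 1, o vs. 0). The subtag set is a constructed sample standing in for the registry, and the function names are hypothetical.

```python
import re

# Constructed sample of registered subtags (assumption: a real deployment
# would load the full language subtag registry instead).
KNOWN_SUBTAGS = {"de", "en", "sl", "latn", "rozaj", "1901", "1996"}

# Language tags are ASCII letters and digits separated by hyphens.
_TAG_RE = re.compile(r"[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*")

# Fold the ASCII look-alike pairs from the thread onto one representative.
_FOLD = str.maketrans({"l": "1", "o": "0"})


def skeleton(subtag):
    """Case-fold a subtag and collapse l/1 and o/0 to a single form."""
    return subtag.lower().translate(_FOLD)


# Index the registered subtags by skeleton for reverse lookup.
_BY_SKELETON = {}
for _s in KNOWN_SUBTAGS:
    _BY_SKELETON.setdefault(skeleton(_s), set()).add(_s)


def confusable_subtags(tag):
    """Map each unregistered subtag of `tag` to the registered subtags it
    visually resembles. An empty dict means nothing was flagged."""
    if not _TAG_RE.fullmatch(tag):
        raise ValueError("not an ASCII language tag: %r" % tag)
    findings = {}
    for sub in tag.split("-"):
        if sub.lower() in KNOWN_SUBTAGS:
            continue  # exact (case-insensitive) registry match
        lookalikes = _BY_SKELETON.get(skeleton(sub))
        if lookalikes:
            findings[sub] = sorted(lookalikes)
    return findings


if __name__ == "__main__":
    for t in ("de-1996", "de-L996", "s1-rozaj"):
        print(t, confusable_subtags(t))
```
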