[UA-discuss] Review of UASG018

Jim Hague jim at sinodun.com
Mon Jan 7 16:19:57 UTC 2019


On 05/01/2019 01:36, Jim DeLaHunt wrote:
> /Page count/: was 24 pages in Version 0.96 (March 10th, 2017), the
> previous copy I had locally. It is 17 pages in Version 1.1 (July 13th,
> 2018). The list of changes don't explain to me how 17 pages was cut.
> Some is editorial: a blank page 2 was dropped. But some must have been
> substantive. The revision history should give a clue if scope was changed.

As one of the authors of the initial version of UASG018, I was
interested in what substantive changes had been made. On the basis of a
brief review, I can summarise these as:

1. All non-technical library evaluation has been removed.
2. Low-level tests removed:
- L-R2A, IDNA2008, convert registration label to ASCII registry form.
- L-DNC, IDNA2008, domain name equivalence comparison.
3. High-level tests removed:
- H-DND, Domain name, decompose into component labels.
- H-ED, Email address, decompose into components (i.e. mailbox, domain).
- H-US, URL, syntactic check.
- H-UD, URL, decompose into components (i.e. scheme, domain, user, port,
path, arguments)
4. High-level test added:
- H-ID, identifier lookup, compare identifier stored in the system
against one used to authenticate user (whatever that means). Verify it
follows RFC8264.

We would be intrigued to learn the rationale for these changes.

The non-technical library evaluation is intended to summarise
information developers need when deciding to incorporate a library into
a product. The aspects summarised are, in practice, at least as
important as simple technical correctness.

The removed tests all cover operations that application programmers need
to perform and, with the possible exception of L-R2A, need to perform
frequently. These operations are complex to perform correctly within an
application, and so are very commonly not implemented correctly.

Finally, we are puzzled as to the usefulness of H-ID in the context of
UA. RFC5890 explicitly notes that it does not use Stringprep (RFC3454).
PRECIS(RFC8264), the successor to Stringprep, is therefore surely
irrelevant to IDNA/UA?
-- 
Jim Hague - jim at sinodun.com          Never trust a computer you can't lift.


More information about the UA-discuss mailing list