Skip to main content

Last Call Review of draft-klensin-idna-unicode-review-03
review-klensin-idna-unicode-review-03-secdir-lc-wood-2019-09-10-00

Request Review of draft-klensin-idna-unicode-review
Requested revision No specific revision (document currently at 05)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-08-30
Requested 2019-08-02
Authors Dr. John C. Klensin , Patrik Fältström
I-D last updated 2019-09-10
Completed reviews Secdir Last Call review of -03 by Christopher A. Wood (diff)
Genart Last Call review of -02 by Joel M. Halpern (diff)
Assignment Reviewer Christopher A. Wood
State Completed
Request Last Call review on draft-klensin-idna-unicode-review by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/WKjh3DM8tPxd5c4vV4A5mjeHVG4
Reviewed revision 03 (document currently at 05)
Result Has nits
Completed 2019-09-10
review-klensin-idna-unicode-review-03-secdir-lc-wood-2019-09-10-00
This document looks mostly good to go. I only have a few questions and some
various editorial nits.

Questions:
- Section 4, last paragraph: Will code points "considered unsafe" be labelled
as such, and if so, where? In the derived property IANA tables? (Assuming those
tables are kept.) - Section 5, second paragraph: How will the success of this
document's proposed changes be measured in order to determine if further steps
towards minimizing confusion are needed?

Nits:
- Section 2, first paragraph, first sentence: It seems a comma is missing after
[RFC3491] reference, i.e., "..., commonly known as "IDNA2003" [RFC3490]
[RFC3491], ...". - Section 3, second paragraph: s/full Unicode versions/major
Unicode versions? - Section 3.1: s/also concluded that maintain Unicode/also
concluded that Unicode? - Section 4, third paragraph: Is the requirement that
changes which are "documented" redundant with the following "explained"
requirement? (That is, perhaps just say "... must be documented and explained."
- Security Considerations, second paragraph: Do "end users" include systems
that process or interpret Unicode values? If not, it might help to specifically
call them out, as problems may arise from misinterpretation there.