On 20-Feb-25 06:58, Eric Rescorla wrote:
On Wed, Feb 19, 2025 at 6:16 AM S Moonesamy <sm+ietf@xxxxxxxxxxxx <mailto:sm%2Bietf@xxxxxxxxxxxx>> wrote: Hi Stephane, At 01:26 AM 19-02-2025, Stephane Bortzmeyer wrote: >Process remark: it is informational while the IDNA draft asks for >Standards Track. Ok. >OK, if there is a serious discussion about business issues in every >RFC (HTTP cookies…). A serious discussion may happen if people have some incentive to do it. I came across a 2023 blog post which was written by an ICANN director, Security, Stability and Resiliency Research. Here's an excerpt from it: "Some evidence suggests, for example, that malicious actors may prefer registrars that provide low registration prices or that accept specific payment methods. They also may look for registrars that offer free application programming interfaces (APIs) for bulk registrations or avoid registrars that require certain information in the purchasing process. Nonetheless, no study has systematically examined the preferences of attackers." It's hardly a surprise that those who do a lot of registrations prefer registrars with low prices. Surely you're not asking the IETF to take the position that high registration prices are good.
I hope not. It was my personal position in ~1998 but Ira Magaziner decided otherwise. However, I certainly thought then and think now that it isn't the IETF's business. Rewriting history is not the point here. The text under debate is objective background to why look-alikes in IDNA are a potential problem. I could understand a critique that this background material should perhaps be in an appendix to the draft, with the main text focussed on the normative material. I understand that not everybody may like John's writing style. I don't understand a critique suggesting that it's inappropriate to provide this background. Brian
-Ekr
-- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx
