
Re: [idn] IDNs in IE and Google



----- Original Message ----- 
From: "Martin v. Löwis" <martin@v.loewis.de>
> In fact, MSIE 6 does process URLs with non-ASCII characters - even
> though not in the suggested way (but instead, apparently by sending
> UTF-8 directly to the wire). Changing it to perform IDNA on the
> host part (and leaving everything else as-is) would not make it less
> standards-conforming, and give users added value.
 
That makes sense and works in many cases, as can be seen in some plugin approaches.

But, in some cases, it is obvious that it will cause security/architectural problems.

<a href=www.xn--blahblah.com>  is ugly and won't be acceptable to MS
Windows folks. That is why MS waits for the full IRI spec for HTML, I guess.
 
Thinking that Content/Javascript/Java/Cookie security models heavily depend on text
representations of hostname and file path parts of URL (then IRI), MS's current conservative
positions may be justified for security reasons.

Still, I don't have full information about how Mozilla implementations of IDNA had addressed these
security issues clearly.

Soobok Lee
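
The dependence of script and cookie checks on the textual form of a hostname, raised in the message above, shown as an added example that is not part of the original message or of any browser's code. It compares hosts as written against hosts converted to IDNA ACE form; the function names and the sample hosts are constructed for illustration, and the cookie match is a simplified form of RFC 6265 domain matching.

```javascript
// Added example: hostnames only (no port, path or userinfo). Sample hosts
// below are constructed; "b\u00fccher" is "bücher".

// Convert a host to its IDNA ASCII-compatible (ACE) form with the WHATWG URL
// parser, which maps case, normalises to NFC and Punycode-encodes each label.
function canonicalHost(host) {
  // Reject anything that would make the parser read a different host.
  if (typeof host !== "string" || /[\s\/\\@?#:]/.test(host)) return null;
  try {
    return new URL("http://" + host + "/").hostname;
  } catch (e) {
    return null; // invalid host: callers treat this as "no match"
  }
}

// Naive policy check: compares the text exactly as written in the page.
function sameHostNaive(a, b) {
  return a === b;
}

// Canonical policy check: both sides are converted to ACE form first.
function sameHostCanonical(a, b) {
  const ca = canonicalHost(a);
  return ca !== null && ca === canonicalHost(b);
}

// Simplified cookie domain match (after RFC 6265 section 5.1.3) on ACE forms.
function cookieDomainMatches(requestHost, cookieDomain) {
  const h = canonicalHost(requestHost);
  const d = canonicalHost(String(cookieDomain).replace(/^\./, ""));
  if (h === null || d === null) return false;
  return h === d || h.endsWith("." + d);
}

// Constructed spellings of one host: precomposed, upper case, decomposed, ACE.
const SPELLINGS = ["b\u00fccher.example", "B\u00dcCHER.Example",
                   "bu\u0308cher.example", "xn--bcher-kva.example"];

// Count how many spellings each check accepts as equal to the first one.
function countMatches(check) {
  return SPELLINGS.filter((s) => check(SPELLINGS[0], s)).length;
}

console.log("naive:", countMatches(sameHostNaive));         // 1
console.log("canonical:", countMatches(sameHostCanonical)); // 4
```

A policy check that compares hosts as typed treats the four spellings as four different hosts, while one that compares ACE forms treats them as one.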