[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] homograph attacks

To: "Martin v. L‹Øis" <martin@v.loewis.de>, Michel Suignard <michelsu@windows.microsoft.com>
Subject: Re: [idn] homograph attacks
From: Martin Duerst <duerst@w3.org>
Date: Thu, 17 Feb 2005 09:20:45 +0900
Cc: Erik van der Poel <erik@vanderpoel.org>, William Tan <wil@dready.org>, "Kane, Pat" <pkane@verisign.com>, idn@ops.ietf.org, ericj@shmoo.com, tedd <tedd@sperling.com>, dam@icann.org
In-reply-to: <4213D70E.7040809@v.loewis.de>
References: <FD16260E2EDF204E80A22FB904A425C30BCA6FD6@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com> <4213D70E.7040809@v.loewis.de>

It is very important to be clear about the fact that neither
the .de table nor the .ch table (at http://www.switch.ch/de/id/faq/idn.html)
too close a relationship with German as a language (or French,
Italian, or Romansh in the Swiss case). These tables are as
much based on user needs (which we can assume have a linguistic
basis) as on technical needs. The Swiss registry decided to
keep their iso-8859-1-based implementation, whereas the German
registry upgraded to utf-8 when they introduced IDNs.

What European standards bodies spent forests of paper on was
an attempt at some 'ultimately correct' linguistic-based table.
What we need for IDN are reasonably okay tables that do not
need to be 'linguistically correct'.

Regards,    Martin.

At 08:28 05/02/17, Martin v. L‹Øis wrote: >Michel Suignard wrote: >> I have seen European standard bodies spending forests of paper to try >> to establish these language tables, but there have never been an >> authoritative version because simply you can't. > >Why do you say that? DENIC is using an authorative list for .DE, see > >http://www.denic.de/de/domains/idns/liste.html > >> It is not a bad idea to have language tables to filter, but you have >> to allow exception for the reasons exposed above. > >No, you don't. The exception you mention (H臑gen-Dazs) is already >covered in the list of characters. It might be that some company >cannot use its logo as a domain name - tough luck. There might not >even be a Unicode character for the logo. They will find a solution, >using some sort of transliteration. If enough users complain that >they want a certain, say, Greek character to be available in the >.de zone, DENIC might reconsider. However, I very much doubt this >will ever happen. For the .de zone, the DENIC list of characters >covers all actual needs. It may be that artificial needs are not >covered, but I could not care less. > >It is a very good idea to be more restrictive at the beginning, >and the gradually become less restrictive. This is how the DNS >started out - allowing only ASCII letters. With IDNA, it is >possible to widen this, but that does not mean you cannot have >a policy more restrictive than "full Unicode". > >Regards, >Martin >

References:
- RE: [idn] homograph attacks
  - From: "Michel Suignard" <michelsu@windows.microsoft.com>
- Re: [idn] homograph attacks
  - From: "Martin v. Löwis" <martin@v.loewis.de>

Prev by Date: Re: [idn] homograph attacks
Next by Date: RE: [idn] homograph attacks
Previous by thread: Re: [idn] homograph attacks
Next by thread: RE: [idn] homograph attacks
Index(es):
- Date
- Thread