Re: [idn] homograph attacks

[Martin Duerst <duerst@w3.org>]

At 01:39 05/02/18, Martin v. L‹Řis wrote:
>Martin Duerst wrote:
>>  >I don't see how this is relevant for this discussion. If the .com
>>  >registrar decides to use a subset of 639 only, I consider this a valid
>>  >choice. No need to register any language tag with IANA; all tags
>>  >you ever want to use are already there.
>> Not exactly correct. For cases like Serbian, Azerbaijani, Tajik,
>> which can be written with different scripts, you need more than
>> ISO 639.
>
>Please read my statement again. *If* the registrar decides to use
>a subset of 639 only, *then* all tags you ever want to use are
>already there.

Sorry, but that reading of the sentence was too trivial
for me to consider it.

>Now, the question is how the registrar deals with 639 languages
>that use multiple scripts. There are two obvious options:
>1. all characters in any of the scripts of the language can be
>    allowed in a domain label (allowing for unintended homographic
>    labels)
>2. the characters of the language are separated into disjoint
>    scripts, and each label registered for a language is required
>    to fall into one script.
>
>There are other options as well, of course: the registrar could
>try to block labels in other scripts than the registered one,
>if they are transliterations of each other. For example, for
>Tajik, it might be sensible to block a Latin label if the
>equivalent Cyrillic one has been registered.

Yes, that's more or less the choices they have. (1) is the
dangerous one, (2) is the easy one, and your transliteration
example may be easy or hard depending on the language.


Regards,    Martin.