Return-Path: <cyrus@eikenes.alvestrand.no>
Received: from eikenes.alvestrand.no ([unix socket])
	by eikenes.alvestrand.no (Cyrus v2.1.11-Mandrake-RPM-2.1.11-1mdk) with LMTP; Tue, 22 Feb 2005 23:01:50 +0100
X-Sieve: CMU Sieve 2.2
Return-Path: <owner-idn@ops.ietf.org>
Received: from localhost (localhost.localdomain [127.0.0.1])
	by eikenes.alvestrand.no (Postfix) with ESMTP id 9740D61C0A
	for <Harald@Alvestrand.no>; Tue, 22 Feb 2005 23:01:50 +0100 (CET)
Received: from eikenes.alvestrand.no ([127.0.0.1])
 by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 03301-06 for <Harald@Alvestrand.no>;
 Tue, 22 Feb 2005 23:01:48 +0100 (CET)
Received: from psg.com (psg.com [147.28.0.62])
	by eikenes.alvestrand.no (Postfix) with ESMTP id 66B8061BD7
	for <Harald@Alvestrand.no>; Tue, 22 Feb 2005 23:01:48 +0100 (CET)
Received: from majordom by psg.com with local (Exim 4.44 (FreeBSD))
	id 1D3i47-000BgJ-N1
	for idn-data@psg.com; Tue, 22 Feb 2005 21:59:35 +0000
Received: from [63.247.74.122] (helo=montage.altserver.com)
	by psg.com with esmtp (Exim 4.44 (FreeBSD))
	id 1D3i45-000Bfs-Hc
	for idn@ops.ietf.org; Tue, 22 Feb 2005 21:59:33 +0000
Received: from if12m4-235.d2.club-internet.fr ([212.195.66.235] helo=jfc.afrac.org)
	by montage.altserver.com with esmtpa (Exim 4.44)
	id 1D3i42-0001SI-U1; Tue, 22 Feb 2005 13:59:31 -0800
Message-Id: <6.1.2.0.2.20050222221611.03e44d70@mail.jefsey.com>
X-Sender: jefsey+jefsey.com@mail.jefsey.com
X-Mailer: QUALCOMM Windows Eudora Version 6.1.2.0
Date: Tue, 22 Feb 2005 22:59:22 +0100
To: Erik van der Poel <erik@vanderpoel.org>
From: "JFC (Jefsey) Morfin" <jefsey@jefsey.com>
Subject: Re: [idn] Re: nameprep, IDN spoofing and the registries
Cc: Stephane Bortzmeyer <bortzmeyer@nic.fr>, idn@ops.ietf.org
In-Reply-To: <421B966F.1020803@vanderpoel.org>
References: <BE3FE373.C6C%haberg@math.su.se>
 <421A3E9C.5020204@vanderpoel.org>
 <f3aaace6b9037e8383c412d9e24b18db@gwg-associates.com.au>
 <421AC08F.2030207@vanderpoel.org>
 <20050222132656.GA13173@nic.fr>
 <6.1.2.0.2.20050222163109.02e51db0@mail.jefsey.com>
 <421B966F.1020803@vanderpoel.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - montage.altserver.com
X-AntiAbuse: Original Domain - ops.ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - jefsey.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Sender: owner-idn@ops.ietf.org
Precedence: bulk
X-Virus-Scanned: by amavisd-new at alvestrand.no

At 21:30 22/02/2005, Erik van der Poel wrote:
>JFC (Jefsey) Morfin wrote:
>>2. could someone list all the Unicode codes to blacklist that way?
>
>It will take a while to create a relatively complete table of homographs, 
>but here are a couple of starting points:
>
>https://bugzilla.mozilla.org/attachment.cgi?id=174139
>https://bugzilla.mozilla.org/show_bug.cgi?id=279099#c192
>
>Also, I've been thinking of writing a program that would look at the 
>"cmap" of every font on a Windows box and check to see which pairs of 
>Unicodes have the same glyph index (which leads to identical display).

This would help.
But a ccTLD managing IDNs in computer environment and wanting to avoid any 
mistake, manages names in most of the case under the ACE format. In ASCII. 
I am not sure about existing dispute cases, but we consider that two IDNs 
are different if they have different in ACE format?
Anyway, I answer you below.

>>3. could someone point a Perl code to use to enter a IDN and to get it 
>>properly punycoded, which could use such a list.
>
>I don't know about Perl, but I believe Python has IDN.

Thank you, but as I said, I have no resource on this. So what would be 
great wold be that this list would actually help preparing a Draft - may be 
someone of more technical skill and competence would be interested in 
leading it? So we can start working on something real. I listed my pratical 
needs. I suppose others would have others to add.

Stephane is key person in supporting many ccTLDs in real life. I am sure he 
will be of great help. So would Gervase's with the ability to test in 
Firefox environment.

I have reported the problem and my request on the ccTLD list. I asked about 
the additional requirements they might have. I will inform this list of any 
additional demands they may have IRT a practical solution for them. I also 
documented that my concern was not about the phishing issue but about the 
ccTLD owns operations. This leaves the legal aside and may be more 
motivating since their own Registry could be the first victim of a 
confusion (in Whois display, for example).

jfc