baking into the protocol

Gervase Markham gerv at mozilla.org
Thu Dec 21 16:56:28 CET 2006 

John C Klensin wrote:
> That conclusion has two corollaries that I think we need to
> understand.  The first is that trying to build a "no mixed
> scripts in a label" rule into the protocol is probably an idea
> that isn't going anywhere (and shouldn't).  The second is that
> any rule in application software that treats mixed-script labels
> as inherently dangerous should be extremely localized, probably
> examining the user's preferred languages or scripts and the
> particular combinations of scripts being mixed, lest one
> generate warnings about many safe situations and thereby cause
> users to discount warning information that really is important.

I would again ask: what proportion of domain-name-handling software 
today has a good awareness of a user's preferred languages or scripts?

Even if I let you have "the browser" (and I'd argue that in many cases 
it doesn't have a good idea), there are loads of other applications 
handling domain names. Updating them all so that they need to be 
configured with a list of languages for each different person which uses 
them, and making users worldwide do that configuration whenever they sit 
down at a new application installation, seems to me to be a 
disproportionate solution given that we can achieve the same effect 
through 200 lines of code and some registry policy.

An arbitrary domain name containing any mixture of scripts is entirely 
safe as long as no other domain name confusable with it can be 
registered by someone else. Script mixing is not the issue; 
confusability is.

For example, payp<cyrillic-a>l.com is safe (albeit a bit pointless) as 
long as it's owned by paypal.com (as I believe it now is).

If we have the ability to programmatically decide if a given domain name 
is potentially confusable with another one, as I think we do (the 
Unicode consortium has a very useful character list for this purpose, 
which we could adopt and perhaps augment), then applying that algorithm 
to every registration at registration time would result in the desired 
safety from spoofing.

I've already covered recently the "but what about sub-sub domains?" 
objection to this, but to recap: as long as the individual components of 
a domain name are clear (and they should be, as the process we are going 
through should blacklist the characters confusable with . and /) then 
the above plan suffices. I don't care if one user of everson.com spoofs 
another one; but the administrator for the everson.com DNS should.

Gerv

More information about the Idna-update mailing list