Follow-up from Tuesday's discussion of digits in the
Harald Tveit Alvestrand
harald at alvestrand.no
Fri Dec 5 08:28:24 CET 2008
Shawn Steele skrev:
>> note that in the domain name "foo12345", there are 2 variants when digit
>> mixing is prohibited, but 32 variants when 2 different digit sets are
>>
> ? allowed.
>
> If we're concerned primarily about input/display mapping, then 12345 will be in one script or the other, not a mixture of both. (Although an attacker could utilize that to create others, but that's not really different than other homograph problems).
>
agreed; when thought about this way, it's unlikely that any legitimate
application would look up anything but the all-Latin or all-<something
else> label; registry policy *can* outlaw the mixtures (but only if the
registry wants to).
>
>> actually the .no registry doesn't offer any such bundling. If wurth.no,
>> wuerth.no and würth.no takes you to 3 different websites, that is not
>> against that registry's policy.
>> (in this particular case, all 3 names go to the same entity.... but not
>> because there's a rule about it.)
>>
>
> Yes, but I could register variations of my company's name...
>
> So is this a concern because of potential security concerns? Or because there are 2 forms of my company's name I want to be able to use?
I got the impression from the mail I was replying to that you were
saying that wuerth and würth would always be bundled by registry policy,
and just wanted to make sure it's clear to everyone that this isn't
always the case.
I don't want to reopen the discussion of whether they *should* be
bundled, because I believe that's out of scope for this discussion (and
indeed out of scope for the IETF to make rules about).
Harald
More information about the Idna-update
mailing list