Protocol-08 (and status of Defs-04 and Rationale-06)

[Shawn Steele]

>    1. forbid at protocol level using context rules the mixing of
>       Arabic-Indic, Extended-Arabic-Indic and European digits in any
>       combination.
>           * forbid {a9b?, a9c?, b?c?}
>    2. forbid at protocol level using context rules the mixing of
>       Arabic-Indic with European and separately forbid mixing
>       Extended-Arabic-Indic with European (but allow
>       mixing Arabic-Indic and Extended-Arabic-Indic).
>           * forbid {a9b?, a9c?}, but allow {b?c?}
>    3. do not forbid use of digits at protocol level but use registry
>       filters implemented by each registry.
>    4. forbid at protocol level using context rules the mixing of
>       Arabic-Indic with Extended-Arabic-Indic (but allow the mixing of
>       either one alone with European digits).
>           * forbid {b?c?}, but allow {a9b?, a9c?}
>

My understanding is that this is because of the potential for spoofing due to the input methods and rendering behavior replacing some digits.  This was proposed by Arabic speakers, however it can also be a problem with a wider range of digits.  (In Windows, open intl.cpl, do the "customize" thing, and play with "standard digits" and "use native digits" to get a variety of behaviors.)  So I don't think the problem should be limited to Arabic-Indic digits, but rather we should talk about all of the digit ranges.

Technically this has a very different cause than the Cyrillic/Latin homographs, however the net impact is effectively the same.  Therefore if mixing digits was to be prohibited, it would also be logical to extend that to prohibition of mixing various other characters as well.

Another possibility is filtering at the user agent (such as currently happens with Cyrillic/Latin).  My preference would be to allow filtering at the registry or user agent level.  I use "allow" since enforcement at these levels is impractical.

- Shawn