IDNA2008: concerns about inconsistent mappings, and german sharp s

Thu Dec 11 11:48:49 CET 2008

Markus,

I have suggested the contextual rule, because I thought it may fall into 
that category such as Arabic-Digit sets. So the protocol can do the 
mapping instead of the registry.

Best
Alireza

Vint Cerf wrote:
> Markus,
>
> this has been reviewed repeatedly and the conclusion is that because 
> the sharp S is used differently in different jurisdictions, this needs 
> to be a choice made at registration time, not at protocol time. Some 
> jurisdictions will bundle the sharp S form and the "ss" form so that 
> both forms of the domain name are registered in the name of the 
> registrant. Upon introduction of sharp S, registries may need to use 
> an introductory process that alerts all registrants relying on the 
> mapping to register the sharp S form as well. This is "sunrise-like" 
> in its behavior.�
>
> vint
>
>
> Vint Cerf
> Google
> 1818 Library Street, Suite 400
> Reston, VA 20190
> 202-370-5637
> vint at google.com <mailto:vint at google.com>
>
>
>
>
> On Dec 11, 2008, at 12:42 AM, Markus Scherer wrote:
>
>> Dear IDNA-updaters,
>>
>> I recently learned about some details about IDNA2008 and was 
>> encouraged to voice concerns on this list.
>>
>> If I understand correctly, IDNA2008 -- unlike the 2003 version -- 
>> will not prescribe a particular set of character mappings. I am 
>> concerned that this will lead to implementations behaving 
>> inconsistently, and, for users, unpredictably, leading to navigation 
>> to the wrong web sites or getting an error message for what seems 
>> like (and used to be) a minor variation (for example, a casing 
>> difference).
>>
>> In particular, as a native German speaker, I am concerned about what 
>> I understand to be the effect on using German domain names -- 
>> regarding the '�' ("sharp s", also mis-named "eszett").This character 
>> is mostly equivalent to "ss", and normal uppercasing turns it into 
>> "SS" (except maybe on passports). Because of this near-equivalence, 
>> there is some amount of confusion about when to use "�" vs. "ss". In 
>> particular,
>>
>>     * In Switzerland, "�" is never used and always replaced with "ss".
>>     * The orthography change of 1996 changed the rules about � vs. ss
>>       and changed many very common words. Anyone who learned to write
>>       before the reform (like me) is prone to either still write the
>>       old way or be inconsistent, in addition to normal
>>       spelling�imperfections.
>>     * For several years, prominent newspapers and publishers refused
>>       to adopt the new orthography or flip-flopped in their adoption.
>>
>> The old IDNA standard mapped "�" to "ss". I understand that IDNA2008 
>> does not include this mapping (or indeed any other), but does permit 
>> � in unmapped domain names. This means that it will be possible for 
>> equivalent domain names (flu�.de <http://fluss.de> vs. fluss.de 
>> <http://fluss.de>) which used to be mapped to the same form (fluss.de 
>> <http://fluss.de>) to now point to unrelated web sites (where one 
>> might be a phishing site mimicking the other), or a user who used to 
>> be successful following a link "flu�.de <http://fluss.de>" may now 
>> find that their browser fails to connect.
>>
>> Please review this decision!
>>
>> It seems like for best consistency and interoperability, the updated 
>> IDNA standard should include mappings that are compatible extensions 
>> of the 2003 version, except to fix errors and security issues, and in 
>> particular should maintain the folding of equivalent domain names to 
>> a common representative.
>>
>> Failing that, it would help to continue to not allow the "�" in 
>> domain names, except as input to an implementation which maps it to 
>> "ss" as before.
>>
>> If that were not adopted either, then users can only hope that all 
>> registrars either automatically treat all equivalent forms as aliases 
>> or forbid registering a domain name if an equivalent one exists 
>> already. (A connection error would be better than a phishing trap.) I 
>> am pessimistic about all relevant registrars to learn about this (or 
>> anything that's not required by the spec), understand it, and apply 
>> it consistently.
>>
>> Sincerely,
>> markus
>>
>> _______________________________________________
>> Idna-update mailing list
>> Idna-update at alvestrand.no <mailto:Idna-update at alvestrand.no>
>> http://www.alvestrand.no/mailman/listinfo/idna-update
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Idna-update mailing list
> Idna-update at alvestrand.no
> http://www.alvestrand.no/mailman/listinfo/idna-update
>   