AW: Consensus Call on Latin Sharp S and Greek Final Sigma

Georg Ochsner g.ochsner at revolistic.com
Tue Dec 1 10:57:37 CET 2009 

1) We all know, there is no sharp s on a Swiss keyboard on a Swiss airport!

2) Could you maybe include a feature in IE's phishing filter, that evaluates if it is a phishing attack or peacefully coexisting website, or would this be impossible?

1) And I think Patrik is really right that the use of sharp s is indeed quite low at the moment (it's just logical, because knowing that not all browsers support IDNs and not all keyboards have a sharp s, it's common so far to link to the ss version of one's domain...). So the issue might be smaller than expected.

Thank you
Georg


> -----Ursprüngliche Nachricht-----
> Von: idna-update-bounces at alvestrand.no [mailto:idna-update-
> bounces at alvestrand.no] Im Auftrag von Shawn Steele
> Gesendet: Dienstag, 1. Dezember 2009 10:20
> An: Patrik Fältström
> Cc: Mark Davis ☕; Vint Cerf; Harald Alvestrand; lisa Dusseault; idna-
> update at alvestrand.no
> Betreff: RE: Consensus Call on Latin Sharp S and Greek Final Sigma
> 
> > I claim we get more confusion if the mapping that happens
> > is different _for the same user_ than what the user is used to
> > than for example to have the same mapping for two different users.
> 
> That's exactly why there MUST be consistent mappings.  It's far worse
> for the same user to have different behavior just because they're using
> an airport kiosk computer instead of their local language.  That'd be a
> phisher's dream scenario.  At least with consistent behavior that
> differs from the users natural expectations it won't change just because
> of some environmental thing.
> 
> > And as some people pointed out, the color / colour issues and similar
> that already exists.
> 
> And if I visit color.com, I don't expect it to work for colour.com if I
> happen to be in Canada, the BVI, Australia or wherever.  That's because
> the rules are consistent.  If color.com thinks it's important enough,
> then they could also register colour.com (and some have sued to get
> names like that when they're close enough and backed by trademark laws).
> If the IETF had made "o" == "ou", then that would've worked too.  I
> couldn't register "could.com" if "cold.com" was already taken, but it
> wouldn't matter, the rules would be consistent.  (& I can't register
> either of them anyway because squatters have them.)
> 
> > (I have a key for 'ä' on my keyboard while others might have to press
> '¨' and then 'a'.)
> 
> IME is a different layer I think.  If you see äpfle on a bus and type it
> in, you should still get to the same place whether you use an NFD Mac or
> an NFC PC.
> 
> > The mapping specifications, the real ones, can be developed in
> > whatever SDO that is out there. W3C? Unicode Consortium?
> > What I think I am more and more certain on is that IETF is not the
> correct venue.
> 
> I agree on that!
> 
> > Now, the problem I think is *NOT* the mappings, but as you
> > say Shawn, how to *specifically* handle Sharp S and final sigma.
> 
> > We have two alternatives for the core protocol:
> 
> > 1. Have it as PVALID
> > 2. Have it as DISALLOWED
> 
> This'll be funny, since I've been so vocal, but I don't really think it
> matters much.
> 
> The registrars that are interested in ß will probably bundle it with ss
> (I believe .at and .de have said as much).  I also expect companies that
> care about ß to register ss if their registrar doesn't do it
> automagically.  In fact if ß is interesting, then I'd expect lawsuits to
> get the alternate form when business is involved.  Certainly fussball.de
> would probably be pretty miffed if fußball.de went somewhere else.
> 
> There's probably a small set of users where Herr Fuss doesn't really
> care to bother with both forms, but those won't be commercial users, and
> actual cases where both go different places will probably be very low.
> 
> For fuss.us that doesn't realize ß even exists, then it won't matter
> whether ß is PVALID or not.  (Even if fuss.us doesn't care, nobody's
> going to brand themselves fuß.us and risk the collision, unless it's
> trademarked an they expect to get fuss.us as well.)
> 
> So long term I expect pretty much no real impact, except that there'd be
> a round-about mechanism for someone to specify their preferred ß display
> name.  In the short term there's risk of spoofing while multiple
> implementations exist, and I'd really prefer a more robust preferred
> display name form (that could handle CamelCase.Com or AAA.com as well).
> 
> DNS is supposed to be about finding machines.  There's no guarantee that
> any specific name is available for your use.  Even with IDN some names
> are illegal.  The Seattle Times has to settle for a form without a
> space, etc.  It isn't interesting that ss and ß go to the machine at
> IPv4 123.456.789.012.  It IS interesting that the users of those
> characters can get their preferred display form to work.
> 
> > Even in language contexts like Swedish where it is not (ß is just
> weird,
> > but it is definitely not the same as ss).
> 
> So?  It's a label that gets you somewhere.  If that place gives back a
> sensible display form, who cares?  With NFKC in IDNA2003 there's lots of
> strange mappings that end up back at a more normal place.  Who even
> knows how to type that ae character anyway?  Don't use the weird form.
> (Yea, I know that the new mapping doc is less permissive than IDNA2003,
> but why does it matter?)
> 
> > So for me this is a question of choice the domain holder has.
> > Can they choose to differentiate between ß and ss or not?
> 
> No.  If I tried to register fußball.de, I'd get sued.  There's no real
> choice here.  The ability to register both forms is an illusion in this
> particular case.  It doesn't matter what a linguist says is proper, or
> what subtleties the IETF allows, in practice the functionality we're
> enabling can't be used.
> 
> So I'm not vocal because I think that ß == ss.  I'm vocal because I
> think it is a bunch of churn and risk that has no real long-term impact
> or value (unless it's a stepping stone to the Ecole & ecole both allowed
> position).  Long term the end-user will still have the same experience
> no matter which choice is made.
> 
> > We should not destroy and make it impossible to use ß
> > in domain names
> 
> Not impossible to use ß, it just goes to the same place as ss, and it
> should allow for an ß display form (yes, I know that piece is missing).
> 
> -Shawn
> _______________________________________________
> Idna-update mailing list
> Idna-update at alvestrand.no
> http://www.alvestrand.no/mailman/listinfo/idna-update

More information about the Idna-update mailing list