Special case for Bidi in draft-ietf-idnabis-protocol-14

Wil Tan wil at cloudregistry.net
Mon Sep 7 18:01:18 CEST 2009


On Tue, Sep 8, 2009 at 1:16 AM, Andrew Sullivan <ajs at shinkuro.com> wrote:

> On Mon, Sep 07, 2009 at 06:49:55PM +0900, "Martin J. Dürst" wrote:
> > I agree with Mati. I think in protocol, checking the BIDI constraints
> > should just be a MUST. BIDI then can say (as it already does) that these
> > constraints are essentially irrelevant for LTR-only domain names.
>
> I can think of a case where not checking BIDI rules would be
> justified.  Suppose a system is configured such that it is impossible
> to enter RTL characters, and there are no fonts for displaying RTL
> characters either.  In this case, actually performing the BIDI check
> would just be a waste of cycles: they're effectively impossible
> anyway.  (The purpose of the BIDI rule, after all, derives primarily
> from the display characteristics of RTL versus LTR.  Therefore, if no
> RTL is possibly displayed, then there are no display characteristics.)
>
>
Aren't these display characteristics available in the Unicode database? I
would imagine that the ability to perform the BIDI check is not dependent on
whether the runtime system has appropriate fonts installed. it is, however,
dependent on whether the client / library is BIDI-aware.

If it is, as you said, impossible to perform the BIDI check in some systems,
then I agree that the rule should be a SHOULD. Otherwise, I'd still vote for
MUST.


On Tue, Sep 8, 2009 at 1:19 AM, Andrew Sullivan <ajs at shinkuro.com> wrote:

> On Mon, Sep 07, 2009 at 06:46:12PM +1000, Wil Tan wrote:
> > >
> > I concur, especially given the fact that Bidi labels registered at lower
> > levels of the tree (thus outside the control of parent registries) could
> > possibly be used to render confusing domain names.
>
> Let us not open this debate again, please.  We have explicitly decided
> that confusability is not a criterion for acceptability.  Just because
> registries can act badly is not a reason to set protocol rules, and we
> have been quite clear that we expect registries to have a policy (even
> if that expectation is likely to be unrealised in practice).
>
>
I'm not trying to reopen it either. I was going to rest my case as I compose
this reply and saw John's note. I was precisely worried about "Bidi characters
in odd contexts pose as much of a problem as those invisible characters"
though I do not have any examples.

Granted we can't solve the world's phishing problems, but there are
"characters that shouldn't appear in domain names" and then there are
"characters that look like protocol characters", and yet there are certain
configuration of characters that could be as bad as "those invisible
characters".

=wil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.alvestrand.no/pipermail/idna-update/attachments/20090908/00374d24/attachment.htm 


More information about the Idna-update mailing list