Browser IDN display policy: opinions sought

Paul Hoffman phoffman at imc.org
Fri Dec 9 17:46:36 CET 2011 

On Dec 9, 2011, at 7:43 AM, Gervase Markham wrote:

> Mozilla's current policy on such things is listed here:
> http://www.mozilla.org/projects/security/tld-idn-policy-list.html
> 
> We try to avoid being prescriptive about what method registries should
> use to avoid homograph problems. The obvious ones are blocking and
> bundling, but some registries have come up with very creative solutions
> - one registry registering Cyrillic domains, for example, requires that
> every domain contain at least one Cyrillic letter which is not an
> ASCII-confusable.
> 
> There is a certain amount of judgement applied as to whether a
> registry's policies are adequate. While we try and be consistent and
> fair, that potentially can lead to accusations of unreasonable treatment.

Thank you for that explanation. So, "if your IDN domain works in one copy of Firefox, it works in them all", but that might change over time if a TLD changes its policies. But we know that many TLDs very much want to change their policies with respect to bundling.

>>> It has been suggested that Firefox switch to a Type A policy. As it
>>> is, the mix of policies means that the goal of universal
>>> acceptability is not being met anyway. Firefox switching to Type A
>>> would also not meet that goal by itself, but one could argue that
>>> there's a bit more consistency to browser behaviour.
>> 
>> That has been my feeling all along, although I stopped expressing it
>> a while ago when it seemed like the Firefox team would never change.
>> I'm glad to hear that the discussion is opening up.
> 
> Do you think my reservations about Type A policy are justified, or do
> you think I overstate the case?

No; yes. :-) I think that if type A were not justified, there would have been many complaints about it over the years; I haven't heard any.

> If you would, in an ideal world, prefer
> everyone to be Type B, would you be interested in a push to try and
> persuade other browser makers to change tack instead of Firefox?

My ideal world is much closer to A than B. It is, in fact, one of the reasons that I switched to Chrome for my day-to-day work browsing that involves IDNs.

>> Absent anything convincing about how a TLD gets on "a whitelist", and
>> how "registry policy (is) used to prevent abuse", I would hope that
>> Firefox would join Chrome and IE with showing all single-script
>> strings that it is believed that the user will understand.
> 
> My issue is that the method of determining "that it is believed a user
> will understand" is going to fail in an unknown but I would guess fairly
> high percentage of cases.

I agree with "unknown" but disagree with "fairly high percentage". Again, we would have heard much more about this before now if it was true, and we haven't.

> I wonder how we can get some statistics on that?

We can't. It is inherently impossible to measure because if some company wants to identify themselves with <somestring>.<theirtld> and that renders wrong in IE, they just won't register it.

--Paul Hoffman

More information about the Idna-update mailing list