Browser IDN display policy: opinions sought

Gervase Markham gerv at mozilla.org
Tue Dec 13 11:43:58 CET 2011 

On 13/12/11 10:19, "Martin J. Dürst" wrote:
> To take some very simple examples, why do I have to look at
> http://www.xn--viagnie-eya.com/ in Firefox when I can see
> http://www.viagénie.com in Chrome? The other way round, why do I have to
> look at http://xn--80abvnkf0a.xn--p1ai in Chome when I can see
> http://биатлон.рф in Firefox? (and why can I see both of these in Opera
> and in Safari?)
> 
> There is absolutely *nothing* wrong with displaying either of these
> domain names. Otherwise, the other browsers displaying them, and their
> users, would be in deep trouble, wouldn't they? That's the reason I say
> that browsers overreacted.

That sounds like your definition of "not overreacting" is "solving the
problem with a 0% false positive and 0% false negative rate". (Or
perhaps you would have been happy with us doing nothing, which has a 0%
false positive rate, but a non-0 false negative rate.)

> But if I were in the position of a registry, I'm not sure I'd taken the
> time to submit bug reports. One browser might be okay, but what if all
> browsers were doing this? And what if their criteria were all slightly
> different? The number of browsers is another dimension over which this
> approach doesn't scale. (For those people who think that there are only
> four or five browsers around: That's totally wrong. There are four or
> five major browsers, but there are many, many others.)

In practice, as with CA inclusions, it tends to be that the smaller
browsers just adopt the decisions of the larger ones. Even some large
browsers do - Google Chrome uses the OS cert store on each platform, AIUI.

This does have, of course, pros and cons. But given the fairly low
effort of filing a bug with us, and the corresponding gain that an
additional 30% of the Internet will be able to correctly see the IDNs
you are selling, that seems like a good use of registry time to me...

> Anyway, I don't necessarily want Firefox to abandon policy B. Definitely
> not if that meant switching to A, which has just about the same number
> of problems, just different ones. As you already are thinking about
> changing policies (which would mean implementing them), why not
> implement another policy and then OR the results together. That way, the
> huge number of current false positives gets reduced quite a bit.

We are certainly open to proposals D, E, F and beyond. (Although due to
the way Mozilla works, I can't promise an implementation timescale!)

Gerv

More information about the Idna-update mailing list