IDN processing-related security considerations for draft-ietf-websec-strict-transport-sec
J-F C. Morfin
jfc at morfin.org
Mon Oct 10 00:38:52 CEST 2011
I see that things have not moved a lot in six years and a half:
xn--cocacola.com, funycode, babel-names.... All this was discussed at
length with the WIPO and ICANN/IPC a few years ago.
>At 17:00 25/03/2005, JFC (Jefsey) Morfin wrote:
>>At 16:11 25/03/2005, Gervase Markham wrote:
>>>James Seng wrote:
>>>>i thought the ideas they have was pretty interesting
>>>>choose the scripts you use most often that you like to display
>>>>normally but otherwise, will display in punycode.
>>>What sort of effect do you think it will have on IDN acceptance
>>>and use if companies using IDN domains know that their domain name
>>>will display as gobbledygook in an unknown percentage of their
>They will not if they are "babel names", ie names registered for
>their punycode display, such as "xn--cocacola.com".
>I made a list in using Simon Josefsson oline tool and a small
>funycode program for Adam to test them. What he did. I do not
>remember the names I gave: I tried a few like xn--adam-costello.com,
>xn--vint-cerf.ibm, xn--gw-bush.com, etc. Many worked. If I am right
>the most brillant was xn--ibm.com which called for a single
>character IDN. The main issue is that if you TM the Unicode name
>there is nothing to be done.
or even 9.75 years ago:
At 19:24 09/10/2011, Frank Ellermann wrote:
> > Apparently <http://unicode.org/cldr/utility/idna.jsp?a=xn--cocacola>
> > is down at the moment...
>Somebody fixed this, thanks. It confirms Jeff's Firefox result, the
>"raw" Unicode result confirmed by <http://josefsson.org/idn.php> is:
>U+0BFE and U+0BFF are unassigned Unicode points in the Tamil block;
>at the moment xn--cocacola is a "fake A-label". Sadly XN-labels do
>not tell me if mixing Tamil and Telugu will be always utter dubious.
>Different ??-- introducers identifying selected subsets of relevant
>scripts could be an idea. In other words, meanwhile I found UTS 46
>and its IDN FAQ. This was a brave attempt to rescue IDNA2008, but
>I'm not convinced that any "transitional" labels containing various
>IDNA2008 DISALLOWED Unicode points "go away", why should they, ever?
>Idna-update mailing list
>Idna-update at alvestrand.no
More information about the Idna-update