IDN processing-related security considerations for draft-ietf-websec-strict-transport-sec

J-F C. Morfin jfc at morfin.org
Mon Oct 10 00:38:52 CEST 2011


I see that things have not moved a lot in six years and a half: 
xn--cocacola.com, funycode, babel-names.... All this was discussed at 
length with the WIPO and ICANN/IPC a few years ago.

>At 17:00 25/03/2005, JFC (Jefsey) Morfin wrote:
>>At 16:11 25/03/2005, Gervase Markham wrote:
>>>James Seng wrote:
>>>>i thought the ideas they have was pretty interesting
>>>>choose the scripts you use most often that you like to display 
>>>>normally but otherwise, will display in punycode.
>>>
>>>What sort of effect do you think it will have on IDN acceptance 
>>>and use if companies using IDN domains know that their domain name 
>>>will display as gobbledygook in an unknown percentage of their 
>>>customer's browsers?
>
>They will not if they are "babel names", ie names registered for 
>their punycode display, such as "xn--cocacola.com".
>
>I made a list in using Simon Josefsson oline tool and a small 
>funycode program for Adam to test them. What he did. I do not 
>remember the names I gave: I tried a few like xn--adam-costello.com, 
>xn--vint-cerf.ibm, xn--gw-bush.com, etc. Many worked. If I am right 
>the most brillant was xn--ibm.com which called for a single 
>character IDN. The main issue is that if you TM the Unicode name 
>there is nothing to be done.
>jfc

or even 9.75 years ago:
http://comments.gmane.org/gmane.ietf.idn/951
jfc


At 19:24 09/10/2011, Frank Ellermann wrote:
>Update:
>
> > Apparently <http://unicode.org/cldr/utility/idna.jsp?a=xn--cocacola>
> > is down at the moment...
>
>Somebody fixed this, thanks.  It confirms Jeff's Firefox result, the
>"raw" Unicode result confirmed by <http://josefsson.org/idn.php> is:
>
><http://unicode.org/cldr/utility/idna.jsp?a=\u0c03\u0bfe\u0c05\u0c05\u0bff\u0bfe>
>
>U+0BFE and U+0BFF are unassigned Unicode points in the Tamil block;
>at the moment xn--cocacola is a "fake A-label".  Sadly XN-labels do
>not tell me if mixing Tamil and Telugu will be always utter dubious.
>
>Different ??-- introducers identifying selected subsets of relevant
>scripts could be an idea.  In other words, meanwhile I found UTS 46
>and its IDN FAQ.  This was a brave attempt to rescue IDNA2008, but
>I'm not convinced that any "transitional" labels containing various
>IDNA2008 DISALLOWED Unicode points "go away", why should they, ever?
>
>-Frank
>_______________________________________________
>Idna-update mailing list
>Idna-update at alvestrand.no
>http://www.alvestrand.no/mailman/listinfo/idna-update



More information about the Idna-update mailing list