I agree with John's statement and position, with a couple of slight changes.<br><br>> it essentially impossible to correctly represent large<br>> fractions of some languages without the use of zero-width<br>> joining and non-joining characters.
<br><br>It is indeed unfortunate that we are in the circumstance where the joining characters are necessary for some languages. In retrospect, not the optimal choice (although in many cases the alternatives were also quite unpalatable, for different reasons). There is a public review issue making a proposal for handling these characters in identifiers, at
<a href="http://www.unicode.org/review/#pri96">http://www.unicode.org/review/#pri96</a>, and we'd appreciate feedback on it.<br><br>> Such rules would effectively violate a ban on mixed-script<br>> prohibitions, so we had better not get too tied up about general
<br>> principles.<br><br>What we say in PRI#96 is:<br>> In each of the following contexts, the match to the regular
expressions must also only consist of characters from a single script (after ignoring Common and
Inherited Script characters).<br><br>While it does place limitations on fields containing joiner characters on the basis of script, it doesn't require the mixture of scripts, in the sense used in <a href="http://www.unicode.org/reports/tr39/#Mixed_Script_Detection">
http://www.unicode.org/reports/tr39/#Mixed_Script_Detection</a>.<br><br>Mark<br><br><br><div><span class="gmail_quote">On 12/22/06, <b class="gmail_sendername">John C Klensin</b> <<a href="mailto:klensin@jck.com">klensin@jck.com
</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br><br>--On Friday, 22 December, 2006 16:42 +0100 "Marcos Sanz/Denic"
<br><<a href="mailto:sanz@denic.de">sanz@denic.de</a>> wrote:<br><br>>...<br>> Spoofing is an inherently non-technical issue, which existed<br>> before there were domain names. You can try to address it<br>
> with technical tools, but it is far from being solved by<br>> banning mixed scripts: there will still be single-script<br>> confusables and whole-script confusables and people who will<br>> confuse "<a href="http://deutsche-bank.de">
deutsche-bank.de</a>" with "<a href="http://your-deutsche-bank.de">your-deutsche-bank.de</a>" (what<br>> I call conceptually confusables) and people who will not be<br>> wearing there glasses when the click on a link.
<br>><br>> So instead of trying to address the spoofing issue in an<br>> incomplette manner at the wrong level (and generating new<br>> kind of unexpected problems with that), leave the decision of<br>> what is a spoof of something else to the information experts.
<br>> For instance, the WIPO has decissions based in the UDRP,<br>> Paragraph 4ai, which specifically already protects owners of<br>> trademarks when "the domain name is identical or confusingly<br>> similar to a trademark or service mark in which the
<br>> complainant has rights".<br>>...<br><br>Marcus,<br><br>I don't want to repeat things that have already been said, but I<br>do want to suggest that the fairly absolute line you seem to be<br>taking on this may not be helpful.
<br><br>First, if one relies on the WIPO position alone, one creates,<br>not only a full-employment act for lawyers and UDRP mediators,<br>but also two more specific problems.<br><br> (1) Those remedies can be applied only after the fact.
<br> What we have seen on the Internet is that many of the<br> "bad guys" operate on a "register a domain name, defraud<br> people using that name, and then move on before any<br> action can be taken against that particular name" basis.
<br> In many cases, they stop using the spoofed (or other<br> problematic) names even before registration grace<br> periods expire, not nearly long enough for someone to<br> organize a UDRP complaint and get a domain name revoked.
<br><br><br> (2) WIPO is not the only UDRP provider. Even among WIPO<br> providers, more so if other providers are considered,<br> and more so yet when mediators operate under national<br> rules rather than under ICANN/WIPO ones, some decisions
<br> are wildly inconsistent with others. It is just not<br> possible to rely on that process to reach consistently<br> plausible results... a situation that, IMO, will become<br> worse as we see more cross-script (not just
<br> mixed-script) spoofing.<br><br>I think that, as a community, we should be looking for ways to<br>minimize the risk of these problems. I would not go so far as<br>to say that the only reason for not doing so is greed, but I
<br>believe that registries that do not follow reasonable standards<br>of user protection and good sense will, in many countries,<br>ultimately be held liable for that behavior. As in almost all<br>other technology-related areas, industry self-regulation, when
<br>it can be made effective, is preferable to heavy-handed and<br>reactive governmental or legal system interventions... if only<br>because it is more plausible to expect that industry will at<br>least understand the issues.
<br><br>Second, while I share your distaste for general mixed-script<br>prohibitions in the IDNA protocols (as I hope I've made clear<br>already), I believe that this is another area in which looking<br>closely at sometimes-complex engineering tradeoffs may be much
<br>more useful than making sweeping statements that sound political<br>or religious even if they are not. For example, the Unicode<br>model for handling what they describe as "presentation forms"<br>makes it essentially impossible to correctly represent large
<br>fractions of some languages without the use of zero-width<br>joining and non-joining characters. Those characters are<br>prohibited in IDNA2003 because, if embedded in arbitrary<br>strings, they are invisible and invisible characters are the
<br>would-be spoofer's dream come true. I believe that we will have<br>to come up with some way to permit them and that doing so will<br>require some very sensitively-constructed rules about<br>relationships to particular scripts and/or about adjacent
<br>characters and that those rules will need to be in the protocol.<br>Such rules would effectively violate a ban on mixed-script<br>prohibitions, so we had better not get too tied up about general<br>principles.<br><br>
regards,<br> john<br><br><br><br><br>_______________________________________________<br>Idna-update mailing list<br><a href="mailto:Idna-update@alvestrand.no">Idna-update@alvestrand.no</a><br><a href="http://www.alvestrand.no/mailman/listinfo/idna-update">
http://www.alvestrand.no/mailman/listinfo/idna-update</a><br></blockquote></div><br>