Dear IDNA-updaters,<div><br></div><div>I recently learned about some details about IDNA2008 and was encouraged to voice concerns on this list.
</div><div><br></div><div>If I understand correctly, IDNA2008 -- unlike the 2003 version -- will not prescribe a particular set of character mappings. I am concerned that this will lead to implementations behaving inconsistently, and, for users, unpredictably, leading to navigation to the wrong web sites or getting an error message for what seems like (and used to be) a minor variation (for example, a casing difference).</div>
<div><br></div><div>In particular, as a native German speaker, I am concerned about what I understand to be the effect on using German domain names -- regarding the 'ß' ("sharp s", also mis-named "eszett").This character is mostly equivalent to "ss", and normal uppercasing turns it into "SS" (except maybe on passports). Because of this near-equivalence, there is some amount of confusion about when to use "ß" vs. "ss". In particular,</div>
<div><ul><li>In Switzerland, "ß" is never used and always replaced with "ss".</li><li>The orthography change of 1996 changed the rules about ß vs. ss and changed many very common words. Anyone who learned to write before the reform (like me) is prone to either still write the old way or be inconsistent, in addition to normal spelling imperfections.</li>
<li>For several years, prominent newspapers and publishers refused to adopt the new orthography or flip-flopped in their adoption.</li></ul></div><div>The old IDNA standard mapped "ß" to "ss". I understand that IDNA2008 does not include this mapping (or indeed any other), but does permit ß in unmapped domain names. This means that it will be possible for equivalent domain names (<a href="http://fluss.de">fluß.de</a> vs. <a href="http://fluss.de">fluss.de</a>) which used to be mapped to the same form (<a href="http://fluss.de">fluss.de</a>) to now point to unrelated web sites (where one might be a phishing site mimicking the other), or a user who used to be successful following a link "<a href="http://fluss.de">fluß.de</a>" may now find that their browser fails to connect.<br>
</div><div><br></div><div>Please review this decision!</div><div><br></div><div>It seems like for best consistency and interoperability, the updated IDNA standard should include mappings that are compatible extensions of the 2003 version, except to fix errors and security issues, and in particular should maintain the folding of equivalent domain names to a common representative.</div>
<div><br></div><div>Failing that, it would help to continue to not allow the "ß" in domain names, except as input to an implementation which maps it to "ss" as before.</div><div><br></div><div>If that were not adopted either, then users can only hope that all registrars either automatically treat all equivalent forms as aliases or forbid registering a domain name if an equivalent one exists already. (A connection error would be better than a phishing trap.) I am pessimistic about all relevant registrars to learn about this (or anything that's not required by the spec), understand it, and apply it consistently.</div>
<div><br></div><div>Sincerely,</div><div>markus</div><div><br></div>