> What percentage of domain names contain at least one character which is
confusable with another character permitted by IDNA2003, but no
characters which are confusable with characters permitted by IDNA2008?<br><br>I don't have a count of domain names. The figures I gave do part of what you are asking for:<br><br><div style="margin-left: 40px;">A. characters allowed by IDNA2008 that are confusable with <i>at least one</i> other character allowed by IDNA2008<br>
<br>B. characters allowed by IDNA200<b style="background-color: rgb(255, 102, 102);">3</b> that are confusable with <i>at least</i> one other character allowed by IDNA200<b style="background-color: rgb(255, 102, 102);">3</b> (<i>and</i> not in A)<br>
</div>
<br>And then versions of A and B weighted by frequency, in two different ways.<br><br>I just computed your further question, which is "What is the percentage of IDNA2008 PVALID characters which are confusable with a PVALID character in IDNA2003?". That is:<br>
<br><div style="margin-left: 40px;">C. characters allowed by IDNA2008 that are confusable with <i>at least one</i> other character allowed by IDNA200<b style="background-color: rgb(255, 102, 102);">3</b> (<i>and</i> not in A)<br>
</div>
<br>I'm showing no additional characters in that group; that is, any PVALID2008 character with a confusable in PVALID2003 also has a confusable in PVALID2008. (The number of other characters that each could be confused with does grow, but that doesn't change whether or not they can be spoofed.)<br>
<br>Now, the focus on building the confusables has characters that can be used to spoof modern, most-frequently-used scripts; the figures might change somewhat if they are extended to other scripts. That is, it might add Runic characters that could be spoofed by symbols or punctuation. But even then, the frequency-weighted figures wouldn't change significantly.<br>
<br>Does that help?<br><br clear="all">Mark<br>
<br><br><div class="gmail_quote">On Mon, Jul 27, 2009 at 12:07, Gervase Markham <span dir="ltr"><<a href="mailto:gerv@mozilla.org" target="_blank">gerv@mozilla.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>On 27/07/09 07:54, Mark Davis ⌛ wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Now, as with any statistics, the data is only an approximation.<br>
</blockquote>
<br></div>
It seems to me that the appropriate question to ask when judging impact is:<br>
<br>
What percentage of domain names contain at least one character which is confusable with another character permitted by IDNA2003, but no characters which are confusable with characters permitted by IDNA2008?<br>
<br>
In other words, how many domain names move from the "possibly spoofable" category into the "not spoofable category"?<br>
<br>
You say that in IDNA2008, 4.17% of PVALID characters have different IDNA2008 PVALID character they are confusable with. What is the percentage of IDNA2008 PVALID characters which are confusable with a PVALID character in IDNA2003? (Yes, I have asked that question exactly as I meant it.)<br>
<br>
Gerv<br>
</blockquote></div><br>