[lsb@lsb.org: [EAI] (summary) display of RightToLeft chars
in localparts and hostnames]
Soobok Lee
lsb at lsb.org
Thu Dec 7 10:05:54 CET 2006
On Thu, Dec 07, 2006 at 09:36:22AM +0100, Harald Alvestrand wrote:
> >
> > 200E; LEFT-TO-RIGHT MARK
> > 200F; RIGHT-TO-LEFT MARK
> >
> >My suggestion for new stringprep200x is to move these chars
> > to "mapped to nothing lists". that is, how about deleting silently
> > them instead of prohibiting them and returning error ?
>
> Any string that contains them will (one assumes) depend on their correct
> interpretation for correct display.
>
> Mapping them out and letting people use the resulting string powerfully
> violates the principle of least astonishment; if I, for reasons of my own,
> choose to send in the string (in network order) <RLO> D N A R T S E V L A
> <RLO>, expecting to see the display ALVESTRAND, I will be astonished if the
> result is DNARTSEVLA.
>
> I'll be even more surprised if someone is able to register
> <RLO>DNARTSEVLA<LRO>.com and use that in a phishing attack on
> alvestrand.com - returning an error message is IMHO Exactly The Right Thing
> To Do.
Thanks for your correction. Just deleting is NOT the right answer. My thought
was somewhat short about that. :0
My new suggestion is that: stringprep processes
<RLE>D N A R T S E V L A<PDF> ==> ALVESTRAND
<LRE>YOD HE WOW HE<PDF> ==> HE WOW HE YOD ( in Hebrew)
instead of just deleting or prohibiting <RLE> and <LRE>.
How do you think about this "Just delete with reordering"?
It won't complicate stringprep algorithms so much.
Soobok
More information about the Idna-update
mailing list