Leaving out scripts (Re: Unicode versions (Re: Criteria for
exceptional characters))
Erik van der Poel
erikv at google.com
Thu Dec 21 16:16:46 CET 2006
Firefox currently allows any scripts to be mixed in lower level labels
when the TLD is in the white list. It's great that you block certain
dangerous characters like the math slash look-alikes. But maybe
someone will eventually figure out how to create a tricky URL that
takes advantage of script mixing in lower level labels in Firefox in
countries where Firefox enjoys a significant market share. Firefox's
leaders trust the TLDs on the white list, but can you trust all the
individuals and organizations that register domains in those TLDs?
Erik
On 12/21/06, Gervase Markham <gerv at mozilla.org> wrote:
> There's one big difference between implementing the mix test in browsers
> and implementing it at the registry level. If you implement it in
> browsers, then decide that a loosening is necessary in a particular
> case, you need to update 1 billion+ installed bits of software before
> you can sell the new IDNs. That would probably take, based on past
> experience, about four or five years.
>
> If you implement it at a registry policy level, you can start immediately.
More information about the Idna-update
mailing list