Hyphens and spoofing (was: Re: Moving Right Along on the Inclusions Table...)

[John C Klensin]

--On Sunday, 24 December, 2006 18:44 +0900 Martin Duerst
<duerst at it.aoyama.ac.jp> wrote:

> At 04:27 06/12/22, Kenneth Whistler wrote:
> 
>> Internet identifiers don't *require* word separators, and
>> if anything the predominant use of the existing "-" has
>> been to cause trouble and spoofing, rather than to
>> "do the job".
> 
> Can you explain? Do you mean e.g. spoofing www.microsoft.com
> with www.micro-soft.com? Or something else?

I can't speak for Ken, but, more or less, less.  "micro-soft" is
not a very good spoofing technique if the user is even slightly
awake, but consider all of the labels that are really
catenations of two or more words.   Would you expect (these
names are made up, but might, given coincidence and the nature
of things, be real)...

	* first-bank.com  or firstbank.com
	* tinyleaftea.info or tiny-leaf-tea.info (or, depending
	in how the company actually spelled its hypothetical
	name, tiny-leaftea.info)
	* second-rate.edu or secondrate.edu

The presence of the hyphen in the LDH rule had its basis in the
original, pre-DNS and non-hierarchical hostname rules, where,
e.g., mc.mit.edu could be written only as mit-mc (and mitmc
would have rapidly become confusing).  Given that the
marketplace has clearly decided to favor "catenate without
separation" in many cases, it is not clear to me that, if we
were making the decision anew today, we would have given the
hyphen any special status and, hence, would have prohibited it.


It is clearly too late to prohibit the hyphen now --although, if
I were running a registry, I'd seriously consider restricting
its use as a registration restriction-- but its use and
importance today doesn't make its inclusion in the "LDH" set a
very strong argument for requiring similar separators/ joiners
in other scripts.

     john