Table-building
Erik van der Poel
erikv at google.com
Fri Feb 2 04:10:19 CET 2007
On 2/1/07, Kenneth Whistler <kenw at sybase.com> wrote:
> The important thing is that this scenario updates gracefully,
> and the worst condition is some false negatives for unupdated
> applications, rather than false *positive* matches, which
> *would* be catastrophic.
No, Ken, the problem with a false negative is that it doesn't let the
user know that they might have to update their app. MSIE7 could, in
principle, even ask the user "We have a new version that supports this
link. Would you like to upgrade?" (Assuming that the app "phones home"
once in a while to find out that a new version is available that
supports certain additional characters.)
And, the problem with a false positive, is that an unscrupulous or
error-prone registry operator might allow both the uppercase and
lowercase versions of a new character to be registered, leading to a
situation where the user of an old app is taken to one site, while the
user of a new app is taken to a different site, possibly owned by
someone else (i.e. xn--mza vs xn--nza), even though the link in the
HTML did not change (it still has the uppercase).
I suppose an unscrupulous or error-prone registry operator would
eventually be caught and the authorities might then redelegate that
TLD, but Firefox is, in principle, exposing its users to this problem
in the meantime.
Erik
More information about the Idna-update
mailing list