NSM flaw?

Abdulrahman I. ALGhadir aghadir at citc.gov.sa
Tue Sep 15 10:40:00 CEST 2009


Thank you for replay,
But as what I see in the protocol now that it did fix some problems which they have a Contextual-form rather than considering them as plain Unicode (ex. Allowing ZWJ/ZWNJ, disallowing starting of numbers in U-labels, not mixing scripts,... etc) all of these issues are contextual, and based on what you said they should be treated on the browser-level(or any level) and not in the protocol itself.
Well I see the protocol at current stage is mutual allowing to fix some problems and rejecting some, I know it is hard to govern all the languages in this world and fixing all contextual problems which may lead for spoofing attempts, but the protocol should follow a clear path either to support them (by fixing them all, that is) Or to consider these labels as plain sequence of Unicode and leave other levels to handle the fixing of these kind of problems.

I know I am a bit late to arise things like this, but for the importance of the problem I had to do it, Sorry.

Thank you,
Abdulrahman. 

-----Original Message-----
From: Vint Cerf [mailto:vint at google.com] 
Sent: 14/Sep/2009 4:56 PM
To: "Martin J. Dürst"
Cc: Abdulrahman I. ALGhadir; idna-update at alvestrand.no; Arabic Scripts IDNA
Subject: Re: NSM flaw?

Martin, Abdulrahman,

thanks for this contribution. I think Martin's points are very well  
taken.
Finding protocol level rules for situations like that is not only very
hard but probably not productive because of all the various potential
hazards that exist with the introduction of so many new scripts.
The programs implementing very complex rules increases the
risk of bugs in the programs and thus, incompatibilities in
implementation. The observation about varying treatment at
browser level underscores some of the hazards.

Vint


On Sep 14, 2009, at 7:16 AM, Martin J. Dürst wrote:

> Hello Abdulrahman,
>
> Are you saying that there is a problem with two successive (identical)
> vowel marks (such as fatha, damma, kasra) because display engines will
> ignore the second one (because essentially, there is no point in
> indicating the vowel twice)?
>
> First, my mail agent (Thunderbird) displays both U+064E characters in
> your examples below (the second one above a (maybe dotted, but I can't
> see the actual dots) circle. But there may well be display engines  
> that
> do what I think you say, so this may indeed be a problem.
>
> Second, while such NSM combinations (as well as much more far-fetched
> combinations of NSMs, or letters and NSMs, or letters and letters) are
> all allowed in the protocol, registries can (and in the case you point
> out most probably should) reject them. Because of the complexity of
> languages and scripts around the world, it wasn't possible to
> incorporate such restrictions (except for a few extremely crucial  
> ones)
> into the protocol, but it would definitely be good if the cases you
> point out are documented by the group working on Arabic domain  
> names. I
> have cc'ed the Arabic Scripts IDNA mailing list, maybe they are  
> already
> aware of this and related issues.
>
> Regards,   Martin.
>
> On 2009/09/14 19:21, Abdulrahman I. ALGhadir wrote:
>> Hello,
>>
>> I am Abdulrahman I. Al-Ghadir from SaudiNIC. I am new to IDNA and  
>> joined the mailing list lately.
>>
>> While revision and reading the last drafts I found something which  
>> may be a flow in the protocol in draft ftp://ftp.ietf.org/internet-drafts/draft-ietf-idnabis-bidi-05.txt 
>>  ,
>>
>>
>>
>> In bidi-05 “2.  The BIDI Rule”:
>>
>> “  2.  In an RTL label, only characters with the BIDI properties  
>> R, AL,
>>        AN, EN, ES, CS, ET, ON, BN and NSM are allowed.
>>
>>    3.  In an RTL label, the end of the label must be a character with
>>        BIDI property R, AL, EN or AN, followed by zero or more
>>        characters with BIDI property NSM.”
>>
>> A sequence of NSM can be represented in the label thus this may  
>> arise a problem on the display level for the label.
>>
>>
>> Assume these two labels (image attached for both words):
>>
>>
>>
>> سيارةَ          ->            u0633\u064A 
>> \u0627\u0631\u0629\u064E                     ->    xn--mgbexg9i1a
>>
>> سيارةََ          ->            u0633\u064A 
>> \u0627\u0631\u0629\u064E\u064E       ->   xn--mgbexg9i1aa
>>
>>
>>
>> http://unicode.org/cldr/utility/idna.jsp?a=%D8%B3%D9%8A%D8%A7%D8%B1%D8%A9%D9%8E%0D%0A%D8%B3%D9%8A%D8%A7%D8%B1%D8%A9%D9%8E%D9%8E&f= 
>> [%C3%9F+%CF%82+[%3AJoin_C%3A<http://unicode.org/cldr/utility/idna.jsp?a=%D8%B3%D9%8A%D8%A7%D8%B1%D8%A9%D9%8E%0D%0A%D8%B3%D9%8A%D8%A7%D8%B1%D8%A9%D9%8E%D9%8E&f=%5b%C3%9F+%CF%82+%5b%3AJoin_C%3A 
>> >
>>
>>
>>
>> As you see both words have same display but different codes which  
>> might leads to problems same goes with other because as you know  
>> NSM display is the same position and rest of NSM which are after it  
>> will be display on same position too(later NSM after first NSM  
>> displayed will be invisible), same goes to other NSMs which act in  
>> same behavior. (am I right?)
>>
>>
>>
>> I know it is abit late to arise  things like that but it may be a  
>> problem?
>>
>>
>>
>> Thank you,
>>
>> Abdulrahman.
>>
>>
>>
>>
>> -----------------------------------------------------------------------
>> تنويه:
>> هذه الرسالة و مرفقاتها (إن وجدت) تمثل  
>> وثيقة سرية قد تحتوي على معلومات تتمتع  
>> بحماية وحصانة قانونية. إذا لم تكن  
>> الشخص المعني بهذه الرسالة يجب عليك  
>> تنبيه المُرسل
>> بخطأ وصولها إليك، و حذف الرسالة و  
>> مرفقاتها (إن وجدت) من الحاسب الآلي  
>> الخاص بك. ولا يجوز لك نسخ هذه الرسالة  
>> أو مرفقاتها (إن وجدت) أو أي جزئ منها،  
>> أو
>> البوح بمحتوياتها لأي شخص أو  
>> استعمالها لأي غرض. علماً بأن الإفادات  
>> و الآراء التي تحويها هذه الرسالة تعبر  
>> فقط عن رأي المُرسل و ليس بالضرورة رأي  
>> هيئة الاتصالات و
>> تقنية المعلومات، ولا تتحمل الهيئة أي  
>> مسئولية عن الأضرار الناتجة عن هذ  
>> البريد.
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Idna-update mailing list
>> Idna-update at alvestrand.no
>> http://www.alvestrand.no/mailman/listinfo/idna-update
>
> -- 
> #-# Martin J. Dürst, Professor, Aoyama Gakuin University
> #-# http://www.sw.it.aoyama.ac.jp   mailto:duerst at it.aoyama.ac.jp
> _______________________________________________
> Idna-update mailing list
> Idna-update at alvestrand.no
> http://www.alvestrand.no/mailman/listinfo/idna-update


-----------------------------------------------------------------------------------
Disclaimer:
This message and its attachment, if any, are confidential and may contain legally
privileged information. If you are not the intended recipient, please contact the
sender immediately and delete this message and its attachment, if any, from your
system. You should not copy this message or disclose its contents to any other
person or use it for any purpose. Statements and opinions expressed in this e-mail
are those of the sender, and do not necessarily reflect those of the Communications
and Information Technology Commission (CITC). CITC accepts no liability for damage
caused by this email.


More information about the Idna-update mailing list