NSM flaw?

Vint Cerf vint at google.com
Tue Sep 15 12:43:23 CEST 2009


Your input is much appreciated. However, the working group examined  
the question of contextual constraints at protocol level and after  
considerable debate incorporated a limited set of restrictions at this  
level. You will note that the bulk of sensitivity in this area is  
remanded to the registries (at all levels) for thoughtful handling in  
a language and context-specific way. I do not believe that the WG  
should revise its protocol-level restrictions in context-J (joiner)  
area nor in BiDi although we have had some useful inputs on the  
expression of BiDi rules for clarity and ease of implementation. The  
consensus that has formed around these issues provides for a limited  
set of specific protocol-level restraint.

vint cerf

On Sep 15, 2009, at 4:40 AM, Abdulrahman I. ALGhadir wrote:

> Thank you for replay,
> But as what I see in the protocol now that it did fix some problems  
> which they have a Contextual-form rather than considering them as  
> plain Unicode (ex. Allowing ZWJ/ZWNJ, disallowing starting of  
> numbers in U-labels, not mixing scripts,... etc) all of these issues  
> are contextual, and based on what you said they should be treated on  
> the browser-level(or any level) and not in the protocol itself.
> Well I see the protocol at current stage is mutual allowing to fix  
> some problems and rejecting some, I know it is hard to govern all  
> the languages in this world and fixing all contextual problems which  
> may lead for spoofing attempts, but the protocol should follow a  
> clear path either to support them (by fixing them all, that is) Or  
> to consider these labels as plain sequence of Unicode and leave  
> other levels to handle the fixing of these kind of problems.
>
> I know I am a bit late to arise things like this, but for the  
> importance of the problem I had to do it, Sorry.
>
> Thank you,
> Abdulrahman.
>
> -----Original Message-----
> From: Vint Cerf [mailto:vint at google.com]
> Sent: 14/Sep/2009 4:56 PM
> To: "Martin J. Dürst"
> Cc: Abdulrahman I. ALGhadir; idna-update at alvestrand.no; Arabic  
> Scripts IDNA
> Subject: Re: NSM flaw?
>
> Martin, Abdulrahman,
>
> thanks for this contribution. I think Martin's points are very well
> taken.
> Finding protocol level rules for situations like that is not only very
> hard but probably not productive because of all the various potential
> hazards that exist with the introduction of so many new scripts.
> The programs implementing very complex rules increases the
> risk of bugs in the programs and thus, incompatibilities in
> implementation. The observation about varying treatment at
> browser level underscores some of the hazards.
>
> Vint
>
>
> On Sep 14, 2009, at 7:16 AM, Martin J. Dürst wrote:
>
>> Hello Abdulrahman,
>>
>> Are you saying that there is a problem with two successive  
>> (identical)
>> vowel marks (such as fatha, damma, kasra) because display engines  
>> will
>> ignore the second one (because essentially, there is no point in
>> indicating the vowel twice)?
>>
>> First, my mail agent (Thunderbird) displays both U+064E characters in
>> your examples below (the second one above a (maybe dotted, but I  
>> can't
>> see the actual dots) circle. But there may well be display engines
>> that
>> do what I think you say, so this may indeed be a problem.
>>
>> Second, while such NSM combinations (as well as much more far-fetched
>> combinations of NSMs, or letters and NSMs, or letters and letters)  
>> are
>> all allowed in the protocol, registries can (and in the case you  
>> point
>> out most probably should) reject them. Because of the complexity of
>> languages and scripts around the world, it wasn't possible to
>> incorporate such restrictions (except for a few extremely crucial
>> ones)
>> into the protocol, but it would definitely be good if the cases you
>> point out are documented by the group working on Arabic domain
>> names. I
>> have cc'ed the Arabic Scripts IDNA mailing list, maybe they are
>> already
>> aware of this and related issues.
>>
>> Regards,   Martin.
>>
>> On 2009/09/14 19:21, Abdulrahman I. ALGhadir wrote:
>>> Hello,
>>>
>>> I am Abdulrahman I. Al-Ghadir from SaudiNIC. I am new to IDNA and
>>> joined the mailing list lately.
>>>
>>> While revision and reading the last drafts I found something which
>>> may be a flow in the protocol in draft ftp://ftp.ietf.org/internet-drafts/draft-ietf-idnabis-bidi-05.txt
>>> ,
>>>
>>>
>>>
>>> In bidi-05 “2.  The BIDI Rule”:
>>>
>>> “  2.  In an RTL label, only characters with the BIDI properties
>>> R, AL,
>>>       AN, EN, ES, CS, ET, ON, BN and NSM are allowed.
>>>
>>>   3.  In an RTL label, the end of the label must be a character with
>>>       BIDI property R, AL, EN or AN, followed by zero or more
>>>       characters with BIDI property NSM.”
>>>
>>> A sequence of NSM can be represented in the label thus this may
>>> arise a problem on the display level for the label.
>>>
>>>
>>> Assume these two labels (image attached for both words):
>>>
>>>
>>>
>>> سيارةَ          ->            u0633\u064A
>>> \u0627\u0631\u0629\u064E                     ->    xn--mgbexg9i1a
>>>
>>> سيارةََ          ->            u0633\u064A
>>> \u0627\u0631\u0629\u064E\u064E       ->   xn--mgbexg9i1aa
>>>
>>>
>>>
>>> http://unicode.org/cldr/utility/idna.jsp?a=%D8%B3%D9%8A%D8%A7%D8%B1%D8%A9%D9%8E%0D%0A%D8%B3%D9%8A%D8%A7%D8%B1%D8%A9%D9%8E%D9%8E&f=
>>> [%C3%9F+%CF%82+[%3AJoin_C%3A<http://unicode.org/cldr/utility/idna.jsp?a=%D8%B3%D9%8A%D8%A7%D8%B1%D8%A9%D9%8E%0D%0A%D8%B3%D9%8A%D8%A7%D8%B1%D8%A9%D9%8E%D9%8E&f=%5b%C3%9F+%CF%82+%5b%3AJoin_C%3A
>>>>
>>>
>>>
>>>
>>> As you see both words have same display but different codes which
>>> might leads to problems same goes with other because as you know
>>> NSM display is the same position and rest of NSM which are after it
>>> will be display on same position too(later NSM after first NSM
>>> displayed will be invisible), same goes to other NSMs which act in
>>> same behavior. (am I right?)
>>>
>>>
>>>
>>> I know it is abit late to arise  things like that but it may be a
>>> problem?
>>>
>>>
>>>
>>> Thank you,
>>>
>>> Abdulrahman.
>>>
>>>
>>>
>>>
>>> -----------------------------------------------------------------------
>>> تنويه:
>>> هذه الرسالة و مرفقاتها (إن وجدت) تمثل
>>> وثيقة سرية قد تحتوي على معلومات تتمتع
>>> بحماية وحصانة قانونية. إذا لم تكن
>>> الشخص المعني بهذه الرسالة يجب عليك
>>> تنبيه المُرسل
>>> بخطأ وصولها إليك، و حذف الرسالة و
>>> مرفقاتها (إن وجدت) من الحاسب الآلي
>>> الخاص بك. ولا يجوز لك نسخ هذه الرسالة
>>> أو مرفقاتها (إن وجدت) أو أي جزئ منها،
>>> أو
>>> البوح بمحتوياتها لأي شخص أو
>>> استعمالها لأي غرض. علماً بأن الإفادات
>>> و الآراء التي تحويها هذه الرسالة تعبر
>>> فقط عن رأي المُرسل و ليس بالضرورة رأي
>>> هيئة الاتصالات و
>>> تقنية المعلومات، ولا تتحمل الهيئة أي
>>> مسئولية عن الأضرار الناتجة عن هذ
>>> البريد.
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Idna-update mailing list
>>> Idna-update at alvestrand.no
>>> http://www.alvestrand.no/mailman/listinfo/idna-update
>>
>> -- 
>> #-# Martin J. Dürst, Professor, Aoyama Gakuin University
>> #-# http://www.sw.it.aoyama.ac.jp   mailto:duerst at it.aoyama.ac.jp
>> _______________________________________________
>> Idna-update mailing list
>> Idna-update at alvestrand.no
>> http://www.alvestrand.no/mailman/listinfo/idna-update
>
>
> -----------------------------------------------------------------------------------
> Disclaimer:
> This message and its attachment, if any, are confidential and may  
> contain legally
> privileged information. If you are not the intended recipient,  
> please contact the
> sender immediately and delete this message and its attachment, if  
> any, from your
> system. You should not copy this message or disclose its contents to  
> any other
> person or use it for any purpose. Statements and opinions expressed  
> in this e-mail
> are those of the sender, and do not necessarily reflect those of the  
> Communications
> and Information Technology Commission (CITC). CITC accepts no  
> liability for damage
> caused by this email.



More information about the Idna-update mailing list