Browser IDN display policy: opinions sought

Gervase Markham gerv at mozilla.org
Fri Dec 9 16:43:57 CET 2011


On 09/12/11 15:34, Paul Hoffman wrote:
> Without understanding both how a TLD gets on "a whitelist", and how
> "registry policy (is) used to prevent abuse", we cannot evaluate
> whether A or B would be better for Firefox. This information is
> critical to the analysis.

OK :-)

Mozilla's current policy on such things is listed here:
http://www.mozilla.org/projects/security/tld-idn-policy-list.html

We try to avoid being prescriptive about what method registries should
use to avoid homograph problems. The obvious ones are blocking and
bundling, but some registries have come up with very creative solutions
- one registry registering Cyrillic domains, for example, requires that
every domain contain at least one Cyrillic letter which is not an
ASCII-confusable.

There is a certain amount of judgement applied as to whether a
registry's policies are adequate. While we try and be consistent and
fair, that potentially can lead to accusations of unreasonable treatment.

>> By contrast, with a Type B policy, if your IDN domain works in one
>> copy of Firefox, it works in them all. If everyone had Type B
>> policies, there would be no risk of a properly-registered domain
>> coming up as gibberish.
> 
> If Firefox (and Opera) were the only browsers that the site operator
> cared about, this would be good. However, I believe that is true for
> approximately 0% of the sites in the world. (The same would be true
> if there was a "D" that only applied to Chrome.)

Quite so. Which is why I suggested that Firefox having a Type B policy
does not help so much in practice, because we were unable to convince
other browsers that this was the best approach.

>> It has been suggested that Firefox switch to a Type A policy. As it
>> is, the mix of policies means that the goal of universal
>> acceptability is not being met anyway. Firefox switching to Type A
>> would also not meet that goal by itself, but one could argue that
>> there's a bit more consistency to browser behaviour.
> 
> That has been my feeling all along, although I stopped expressing it
> a while ago when it seemed like the Firefox team would never change.
> I'm glad to hear that the discussion is opening up.

Do you think my reservations about Type A policy are justified, or do
you think I overstate the case? If you would, in an ideal world, prefer
everyone to be Type B, would you be interested in a push to try and
persuade other browser makers to change tack instead of Firefox?

> Absent anything convincing about how a TLD gets on "a whitelist", and
> how "registry policy (is) used to prevent abuse", I would hope that
> Firefox would join Chrome and IE with showing all single-script
> strings that it is believed that the user will understand.

My issue is that the method of determining "that it is believed a user
will understand" is going to fail in an unknown but I would guess fairly
high percentage of cases.

I wonder how we can get some statistics on that?

Gerv


More information about the Idna-update mailing list