Browser IDN display policy: opinions sought
"Martin J. Dürst"
duerst at it.aoyama.ac.jp
Tue Dec 13 12:24:56 CET 2011
On 2011/12/13 19:43, Gervase Markham wrote:
> On 13/12/11 10:19, "Martin J. Dürst" wrote:
>> To take some very simple examples, why do I have to look at
>> http://www.xn--viagnie-eya.com/ in Firefox when I can see
>> http://www.viagénie.com in Chrome? The other way round, why do I have to
>> look at http://xn--80abvnkf0a.xn--p1ai in Chome when I can see
>> http://биатлон.рф in Firefox? (and why can I see both of these in Opera
>> and in Safari?)
>> There is absolutely *nothing* wrong with displaying either of these
>> domain names. Otherwise, the other browsers displaying them, and their
>> users, would be in deep trouble, wouldn't they? That's the reason I say
>> that browsers overreacted.
> That sounds like your definition of "not overreacting" is "solving the
> problem with a 0% false positive and 0% false negative rate".
Well, that would indeed have been wonderful :-). But without attaching
any significance to actual numbers, what I was trying to say is the
Currently you have essentially 0% false negatives if we define the
problem narrow enough (i.e. we exclude in-script confusables,
orthographic stuff such as color/colour, and the like), but something
like 50% or 80% or so false positives. And you could easily decrease the
number of false positives by quite a lot (possibly getting into a 5% or
even a 1% range) with a different policy or a combination of policies.
> perhaps you would have been happy with us doing nothing, which has a 0%
> false positive rate, but a non-0 false negative rate.)
[Me personally, why not. But because I'm using a Japanese OS, I'm in the
lucky situation that Cyrillic and Greek are displayed in full-width,
which makes them really stick out. And I'm also a rather careful
browser, or so I hope.]
For the overall Web, not displaying (as U-labels) mixed-script labels
(except for where exceptions are truly needed) and whole-script
confusables is definitely a good thing. But that's many less labels than
what is affected in the browsers currently.
>> But if I were in the position of a registry, I'm not sure I'd taken the
>> time to submit bug reports. One browser might be okay, but what if all
>> browsers were doing this? And what if their criteria were all slightly
>> different? The number of browsers is another dimension over which this
>> approach doesn't scale. (For those people who think that there are only
>> four or five browsers around: That's totally wrong. There are four or
>> five major browsers, but there are many, many others.)
> In practice, as with CA inclusions, it tends to be that the smaller
> browsers just adopt the decisions of the larger ones.
Good to know.
> Even some large
> browsers do - Google Chrome uses the OS cert store on each platform, AIUI.
> This does have, of course, pros and cons. But given the fairly low
> effort of filing a bug with us, and the corresponding gain that an
> additional 30% of the Internet will be able to correctly see the IDNs
> you are selling, that seems like a good use of registry time to me...
To you of course :-). But some registries might be more concerned about
authority and 'face' than about practicalities.
More information about the Idna-update