Browser IDN display policy: opinions sought
"Martin J. Dürst"
duerst at it.aoyama.ac.jp
Wed Dec 14 12:25:50 CET 2011
On 2011/12/14 3:16, John Levine wrote:
> Having been reading this discussion with great interest, I don't
> understand what problem is being solved. Is it:
> A) Only display names that are not deceptive?
> B) Don't display names that might be deceptive?
> C) Don't display names that fail to meet some policy that
> doesn't really have anything to do with deception?
> D) Only display names that meet some policy?
> E) Something else?
> It clearly can't be A, since there's plenty of room for deception in
> plain ASCII, and people can put random names at the Nth level, e.g.,
> FDIC.GOV.FOO.BAR.SOMETHING.TLD. Beyond that, I'm baffled.
The whole thing started with the paypаl.com scare (the second 'a' of
paypal being Cyrillic). The goal of the browser makers was to come up
with something that addressed this issue, and similar IDN-related and
script-related potential deceptions. So the goal was:
Don't display names that are potentially deceptive because of
similarities of letters in different scripts.
That's a pretty limited goal, and because there was quite a bit of
perceived pressure to do something, and not too much time and not too
many actual names out there yet that would have people make complain,
the job was overdone in many ways and not good enough in others (as
mentioned, the Mozilla approach fails for cases such as wordpress.com).
More information about the Idna-update