Browser IDN display policy: opinions sought

Paul Hoffman phoffman at
Wed Dec 14 18:32:56 CET 2011

On Dec 14, 2011, at 2:55 AM, Gervase Markham wrote:

> On 13/12/11 15:37, Paul Hoffman wrote:
>> You are possibly mixing up levels again. If a user goes to
>> and hides that by clearing everything in his
>> browser, that action does not clear the DNS cache at the same time.
> In Firefox, it clears everything under our control - and, in fact, we
> have had additional APIs added to the plugin interface used by e.g.
> Flash so we can clear stuff not under our direct control as well, such
> as 'Flash cookies'. If Firefox retains any sort of record that you've
> visited a particular site after you have cleared all data, that's a bug.

As far as I have seen in my tests with Firefox, the OS's DNS cache is not one of the things that falls under "everything in our control". So, if I go to in Firefox private browsing and then quit from Firefox, and someone grabs my computer right then, they can see that an application wanted the DNS information for that site. The fact that the application also wanted the IDN display policy doesn't seem any more damning than the application wanting the A/AAAA record.

>> One level up, you said "If there are going to be rules, by far the
>> best place to enforce them is once at domain registration time, not
>> in real time in performance critical code millions of times a day at
>> access time". I disagreed because TLDs are registered in the root,
>> and I do not want ICANN enforcing a policy on TLDs that the TLDs
>> cannot change over time.
> I can't parse the last sentence. Are you saying:
> a) "I do not want ICANN enforcing a policy on TLDs such that the TLDs
> cannot change the policy over time."
> or
> b) "I do not want ICANN enforcing a policy on TLDs such that the nature
> of the policy in regards to what TLDs can and cannot exist, cannot
> change over time."
> or something else? Surely, with respect to b), ICANN does this, but has
> no problems today changing its policy about what is and isn't allowed?

I meant (a). I want the same for all zones, regardless of when they are registered. I agree that this takes more work on the part of browsers, and will cause more traffic on the Internet: it is worth it to have IDNs work better than they do today where some browsers block display for reasons unfathomable to users.

--Paul Hoffman

More information about the Idna-update mailing list