IDNA and U+08A1 and related cases

Gervase Markham gerv at
Mon Jan 26 18:02:48 CET 2015

On 26/01/15 06:30, Asmus Freytag wrote:
> The fundamental design limitation of IDNA 2008 is that, largely, the
> rules that it describes pertain to a single label in isolation.

tl;dr of your message: additional work is needed beyond IDNA2008 to have
a secure system...

> That calls for a different mechanism, what I have called "exclusion
> mechanism".

...which involves name registries doing the right thing.

Yes, indeed. Which is why, for years, this was a requirement of IDNA
enablement in Firefox. Only the proliferation of registries put an end
to our enforcement of that policy programmatically. We (or at least, I)
now intend to enforce it via the media if there is ever a problem caused
by a registry allowing one of its customers to attack another one by
registering a homograph.
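
An added example, not part of the original message or of any registry's code: one way a registry could apply a cross-label exclusion check for the U+08A1 case, which per-label rules and NFC alone do not catch. The `CONFUSABLE_MAP` table, the `Registry` class and the rule that the same registrant may hold both variants are assumptions made for illustration.

```python
import unicodedata

# Constructed, minimal confusable table (assumption: a real registry would use
# a reviewed table for the scripts it accepts). U+08A1 has no canonical
# decomposition, so normalization never unifies it with U+0628 U+0654.
CONFUSABLE_MAP = {
    "\u08a1": "\u0628\u0654",  # BEH WITH HAMZA ABOVE -> BEH + COMBINING HAMZA ABOVE
    "\u0430": "a",             # CYRILLIC SMALL A -> LATIN SMALL A
}


def nfc_unifies(a: str, b: str) -> bool:
    """True if NFC normalization alone makes the two strings identical."""
    return unicodedata.normalize("NFC", a) == unicodedata.normalize("NFC", b)


def skeleton(label: str) -> str:
    """Comparison key shared by labels the table treats as look-alikes."""
    nfc = unicodedata.normalize("NFC", label)
    mapped = "".join(CONFUSABLE_MAP.get(ch, ch) for ch in nfc)
    return unicodedata.normalize("NFC", mapped)


class Registry:
    """Hypothetical registry that excludes look-alikes of existing names."""

    def __init__(self):
        self._by_skeleton = {}  # skeleton -> (first label, registrant)

    def register(self, label: str, registrant: str):
        """Return (accepted, conflicting_label)."""
        key = skeleton(label)
        holder = self._by_skeleton.get(key)
        if holder is not None and holder[1] != registrant:
            # Valid on its own, but blocked by another customer's label.
            return False, holder[0]
        self._by_skeleton.setdefault(key, (label, registrant))
        return True, None


if __name__ == "__main__":
    reg = Registry()
    print(reg.register("\u0628\u0654\u0627", "alice"))   # accepted
    print(reg.register("\u08a1\u0627", "mallory"))       # excluded
```
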


