headers
Paul Hoffman | 21 Mar 02:09

WG Last Call for draft-ietf-websec-strict-transport-sec

Greetings again. The websec WG is in WG Last Call for draft-ietf-websec-strict-transport-sec, an
interesting document that is likely to be widely deployed in web browsers and servers. There are a few
places in the document that touch (slam?) into IDNA 2003 and IDNA 2008, so I thought this list should pay
attention now rather than later. In specific, please see section 8 (just the beginning), section 9, and
section 13.

The WG LC ends April 9. Please send any comments to the websec WG mailing list, not here. Thanks!

--Paul Hoffman
Permalink | Reply | 0 comments |
headers
JFC Morfin | 13 Mar 03:07

RE: Draft on IDN Tables in XML

At 19:28 12/03/2012, Shawn Steele wrote:
>I don't see a relationship between the proposed XML behavior and 
>JFC's ideas.  Nor am I interested in JFC's ML stuff, sorry.

Noted.
jfc
Permalink | Reply | 0 comments |
headers
J-F C. Morfin | 12 Mar 04:07

RE: Draft on IDN Tables in XML

At 03:13 12/03/2012, Shawn Steele wrote:
>What kinds of applications are expected to consume this 
>data?  What's the target?

Shawn,
The browsers want to use them. To validate the IDNs. This is why we 
need to get them synced.
jfc
Permalink | Reply | 4 comments |
headers
JFC Morfin | 11 Mar 03:29

RE: Draft on IDN Tables in XML

At 17:42 08/03/2012, Shawn Steele wrote:
>How do these tables stay in-sync?   I mean, what happens when it 
>disagrees with what is actually in the DNS zone files?

Dear Shawn,

the need for synchronized multilinguistic (on languages) and 
polylinguistic (same data in different language) is a general need 
that can only be currently addressed in an opendata context by a 
registry or DDDS international system, or by an extended DDDS 
mutually operated architecture. It would be interesting to know what 
Microsoft, Google, and others would have to propose. I would be 
interested in working on a joint exploratory draft on this issue 
which is universal and not limited to the Internet. This could be 
part of the JTC1/SG32/WG2 effort, or a totally separate project. It 
should permit contributions by everyone to be kept synchronized 
within a registrant defined TTL and to be freely accessed for 
validity check of table versions and updates.

Best
jfc
Permalink | Reply | 0 comments |
headers
Kim Davies | 1 Mar 20:15
Picon
Favicon
Gravatar

Draft on IDN Tables in XML

Colleagues,

I have posted a first draft regarding a format that could be used for representing IDN Tables in XML to the I-D Repository:

	https://datatracker.ietf.org/doc/draft-davies-idntables/

After discussion with a number of folks that felt this would be good work to undertake, I've put together a
first cut which is not comprehensive, but I think goes some way toward a potential format.

Unless there is interest in this being a more formal activity, my assumption is to aim to publish the final
result independently as an Informational RFC. However, the mechanism of publication is secondary to
coming up with something useful that would benefit TLD registries and other implementors. A list of
design goals, from the document, is as follows:

	• MUST be in a format that can be implemented in a reasonably straightforward manner in software;
	• The format SHOULD be able to be checked for formatting errors, such that common mistakes can be caught;
	• An IDN Table MUST be able to express the set of valid code points that are allowed for registration under
a specific zone administrator's policies;
	• MUST be able to express computed alternatives to a given domain name based on a one-to-one, or
one-to-many relationship. These computed alternatives are commonly known as "IDN variants";
	• IDN Variants SHOULD be able to be tagged with specific categories, such that the categories can be used
to support registry policy (such as whether to list the computed variant in the zone, or to merely block it
from registration);
	• IDN Variants MUST be able to stipulated based on contextual information. For example, specific
variants may only be applicable when they follow another specific code point, or when the code point is
displayed in a specific presentation form;
	• The data contained within the table MUST be unambiguous, such that independent implementations that
utilise the contents will arrive at the same results;
	• IDN Tables SHOULD be suitable for comparison and re-use, such that one could easily compare the
contents of two or more to see the differences, to merge them, and so on.
(Continue reading)

Permalink | Reply | 34 comments |
headers
J-F C. Morfin | 22 Feb 18:18

Re: [vip] Final Integrated Issues Report and Project Plan for Next Steps Now Posted

At 22:55 21/02/2012, Naela Sarras wrote:
Dear Colleagues,

The final Integrated Issues Report has been posted.  In addition, the draft VIP Project Plan for the next steps has been posted for public comment.

http://www.icann.org/en/announcements/announcement-20feb12-en.htm
http://www.icann.org/en/public-comment/idn-vip-proposed-project-plan-20feb12-en.htm

Both documents will be discussed at the IDN Variant Issues Project Session during the ICANN Costa Rica Meeting, 11-16 March 2012.

Best regards,

Naela Sarras
ICANN

Dear Naella,

is this list still active for disscussion over the Very Impossible Project (VIP) issue?
If yes, what I hope, are new venues allowed in the debate (like Internet extended architectural frameworks able to support variants off the shelves)?

Thank you
jfc
_______________________________________________
Idna-update mailing list
Idna-update <at> alvestrand.no
http://www.alvestrand.no/mailman/listinfo/idna-update
Permalink | Reply | 1 comment |
headers
Andrew Sullivan | 21 Feb 23:22

ICANN variant project update

Dear colleagues,

Apologies if you see this more than once.  Because of prior interest
here, I'm posting this message here, but not cross-posting.

ICANN has published the final version of the Variant Issues Project
report, and has published a project plan for next steps.  You may read
about these developments on the following pages:

http://www.icann.org/en/announcements/announcement-20feb12-en.htm
http://www.icann.org/en/public-comment/idn-vip-proposed-project-plan-20feb12-en.htm

Best regards,

Andrew

--

-- 
Andrew Sullivan
ajs <at> anvilwalrusden.com
Permalink | Reply | 2 comments |
headers
Vint Cerf | 20 Feb 15:01
Picon
Favicon

Re: Proposed new Firefox IDN display algorithm

john, i assume meant "does NOT take being burned..."

Second, it does take being burned very many times (usually just
hearing horror stories is sufficient) before people decide
either that learning things is useful or that they want to avoid
the risky situations entirely.

On Sun, Feb 19, 2012 at 8:26 PM, John C Klensin <klensin <at> jck.com> wrote:
> Gerv,
>
> Consolidating responses and doing some trimming....
>
> --On Friday, February 17, 2012 15:52 +0000 Gervase Markham
> <gerv <at> mozilla.org> wrote:
>
>>...
>>> One is to provide a switch that permits a user to say "I think
>>> I'm smarter than you are and am willing to take responsibility
>>> for that belief and its consequences".
>>
>> At the moment, such a switch exists - sort of. You can just
>> add every TLD to the whitelist. We could have a global switch
>> if it were hidden away in about:config; the issue here is that
>> if such a switch exists, then people might switch it on. ;-)
>
> We might disagree a bit, but you have no way to make users sign
> in blood that they really, really, are taking responsibility
> (rather than, e.g., just blowing the problem off so they can
> blame you later.   So I guess that, if ICANN overwhelms your
> system with new TLDs no one can keep track of, it is rational
> for you to assume "no one" includes the hypothetical responsible
> user too and forcing that user to manually add everything she
> has thought about to the whitelist is a rational compromise.
>
>>> The second, and even more important, is that I believe the
>>> browser should provide a very accessible, very easy-to-use,
>>> transcoder for these labels.
>>
>> I can see why you want this, although I suspect that the
>> target audience would be so small that the Firefox team would
>> balk at adding a new feature for it. Every feature has initial
>> and ongoing costs, after all. I see your analogy to View
>> Source, but that's been a great tool in proving that the web
>> is readable, hackable and remixable - the usage of this
>> feature would be a lot more obscure and specialized.
>
> I think your "target audience" assumption above represents a
> fundamental different in assumptions about users and user
> interfaces.  Let me explain mine (not original -- most of what
> I'm about to say goes straight back to Doug Englebart although
> he clearly bears no responsibility for my interpretation).   If
> you and your associates still disagree, we can both move on.
>
> From my point of view, the typical user of your software is
> neither "new/ first time" because people rarely stay "first
> time" for very long  --they  do become familiar with their
> environments and the tools they use-- nor are most of them
> stupid and devoid of the ability to learn.  They may be lazy in
> the "don't want to learn anything I don't have to" sense, but
> not stupid in the "can't learn it even after I get motivated".
> There are limits of course, but very little of what we are
> talking about is, e.g., quantum physics with all it implies
> about mathematic background, understanding of stochastic
> processes, etc., as well as the physics themselves (much of
> rocket science doesn't have the prerequisites).
>
> In this particular case, we agree that the audience that will
> use (or even understand) that sort of tool on a proactive basis
> will be very small.  But there are two other audiences with whom
> you ought to be concerned.  First, I assume most of us have
> family, friends, or neighbors who are inclined to call up and
> ask questions if they encounter something odd that doesn't come
> with a really good explanation.  If there is a tool that I can
> get them to use to walk through the problem, then the actual
> user base for that tool goes up even if I'm using it on behalf
> of others and even more if I can teach them how to use it.
> Second, it does take being burned very many times (usually just
> hearing horror stories is sufficient) before people decide
> either that learning things is useful or that they want to avoid
> the risky situations entirely.
>
> For IDNs, the latter could either be "no IDNs" (and pressure on
> you or for a plugin for a tool that would prevent IDN use
> entirely) or a far narrower "if I'm not sure I understand the
> script, I want the URI blocked" restriction than even the
> Microsoft strategy implies.  We presumably don't want to drive
> folks in either of those directions; if we think IDNs are a good
> idea, we should be doing things that make people feel as safe as
> possible using them, even if the price of being safe is that
> they have to understand a bit more about what is going on and
> have tools they can use to easily investigate further if they
> see something suspicious-looking.
>
>>> As a trivial, ASCII-only, example, if I see "rn" on a small
>>> screen and in poor light, it would be a huge advantage to be
>>> able to be able to get the browser to show me code points that
>>> would tell me if I'm looking at U+006D or at U+0072 U+006E.
>>
>> If this is your problem, then we have a greater UI problem
>> than providing a way for people to see the hex codes behind
>> each character!
>
> Well, yes and no and, again, let me use FireFox as an example.
> Up until around version 6.x, when I hovered the pointer over a
> link or when something was downloading, I saw the full URL at a
> predictable place on the screen and saw it in fairly large
> letters.  Now, at least with my plug in family, it is sometimes
> in the lower left and sometimes in the lower right and always in
> about the smallest type you could have any reasonable
> expectation that anyone could read.  Now, regardless of what
> sort of visual confusion one is worried about, tiny characters
> inevitably make things less distinguishable and increase the
> risk.  So, yes, there are greater UI problems out there, but,
> even if you and your colleagues have good reason to preserve
> that particular bit of UI-induced risk, my being able to click
> on something and get a disambiguation display in
> reasonable-sized and easily distinguished characters would be an
> improvement.
>
>
>>> * I think your background/ problem statement is misleading.
>>> That may distort some of the rest of the document.  Your
>>> choice is not "to display or not to display".  A-labels are a
>>> display option, not non-display.  U-labels are another
>>> display form.  So are "????" and little boxes.  That would be
>>> just a pedantic distinction except for two things.  One is
>>> that you have a family of other options: display in lurid
>>> colors, pop-up warnings if someone tries to click on a link,
>>> or just outright refusal to use the URL... perhaps more.
>
>> This is true. Although I've outlined the advantages of A-label
>> display in error conditions in other messages in this thread.
>> However, if it turns out that this change allows us to display
>> the vast majority of used IDNs, there may be a case for some
>> more severe error condition when we hit one we think we
>> shouldn't. Is that what you are suggesting?
>
> Approximately.  Again, I'd like to see the user be able to
> override any warning/threatening choices you make, but only if
> you can also give her comprehensive information if she is smart
> enough to ask.  In the context of the remarks above and Vint's
> comments of some days ago, I'd much rather see:
>
>    Probably really bad domain
>       URI with A-labels:  xxxxxxxx
>       IRI with U-labels or placeholders: xxxxxx
>       Unicode code point list for IDN Labels: xxxxxxx
>    ------------           ----------------
>    | Forget It |          | Open it       |
>    | Button    |          | Anyway Button |
>    | (large)   |          | (tiny)        |
>    -------------          -----------------
>
> than some cryptic "Evil!" message with an "Ok" or "Dismiss" box
> whose status wrt the next step(s) is unclear.
>
>
>>...
>> We do actually carry around our own rendering routines:
>> http://en.wikipedia.org/wiki/HarfBuzz#HarfBuzz
>>
>> We don't carry around our own fonts. But what point are you
>> making here? If we find (somehow) that we are unable to
>> display a U-label correctly, we should do something else other
>> than what happens by default now, which I suspect is little
>> boxes with numbers in? (Although I haven't checked - can you
>> point me at a test domain name which uses highly obscure
>> Unicode characters?)
>
> I'll look or try to make one.  Others may be able to help here.
> If the numbers in the little boxes are 4-6 digit Unicode code
> points, I'd be happiest seeing those along with the A-labels.
> If they are, e.g., escaped UTF-8, I'd want to see, or easily get
> at, the Unicode code point list and the A-labels.
>
>>> A-label display or something else.   In other words, at least
>>> in the proposal, I'm trying to get you to separate
>>> "identification of a label that deserves worrying about" (or
>>> "identification of a label which is safe" with all others
>>> defaulting into "worry about") from what you do about that
>>> label or the FQDN of which it is part.
>>
>> OK. If currently we have:
>>
>>                     Can Display          Can't Display
>>
>> Worrisome Label    A-label              A-label
>>
>> Good Label         U-label              Little boxes
>>
>> How would you have us modify that matrix? (This assumes for
>> the sake of argument that it's possible to distinguish between
>> the bottom two boxes.)
>
> For the top two cells, I'd like to be able to access (with
> right-click or some other mechanism) the U-label and code point
> list.  For the bottom pair, I'd like to be able access (ditto)
> the A-label and code point list.   It would also suit me just
> fine to be able to get at the A-label, the U-label, and the code
> point list for all four cell, even though one of those fields
> will be redundant for each cell.   For the user who doesn't know
> the he should right-click the cells, or who knows and doesn't
> care, the display set above is just fine.
>
>>...
>>> (2) It seems to me that one of the problems with any strategy
>>> that tries to decide between "safe" names and ones that need
>>> special treatment on any basis other than experience with, or
>>> the reputation of, the particular domain or site is doomed to
>>...
>> To clarify: you are suggesting that sites with a cert from a
>> trusted CA should get U-labels regardless?
>>
>> CA certificates are about identity, not about "good-ness" or
>> honesty. I have, coincidentally, just been arguing in another,
>> CA-related, forum that they should by no means put
>> restrictions on which domain names people can get certificates
>> for, because deciding which domain names should and shouldn't
>> exist is the job of registries, and once they've done that, a
>> CA should go along with it. It should not be possible to
>> register a domain and yet not be able to get a cert for it
>> because the registry is fine with the name you pick but the CA
>> isn't. I can imagine domain owners being quite put out if that
>> could/did happen.
>
> Let me try a different point of view out on you.  Even accepting
> your "identity" definition, a CA can "identify" anything from
> something associated with the domain (remember that, independent
> of ability to obtain a domain, registries and registrars differ
> widely in how much information needs to be provided, verified,
> and/or exposed to do so.  At least in this context, I don't have
> a problem with someone obtaining a domain under and alias, with
> faked or hidden contact information, if the registry permits
> that... and getting a certificate to match.  But, in that case,
> the "identity" that is being certified is really very thin and
> uncertain.  And, fwiw, your users are probably much more at risk
> from a "almost no one knows who is operating this domain and
> those who know aren't telling" situation than that are from a
> suspect IDN (realistically, the two cases go together) and it
> would be at least as reasonable for you to warn about domains
> with anonymous/ proxy registrations (or registries that permit
> them) as it is to worry about sloppy registry IDN policies.
>
> At the other extreme, a CA can choose to issue an "identity"
> certificate only if it can actually verify the identity of the
> registrant (not just, e.g., reachability). Note that, in
> permitting descriptions of cerificate applicability, X.509
> recognizes the difference as do a number of CAs who issue
> certificates with different levels of quality and assurance.
>
> I am suggesting only that folks who have certificates that you
> can recognize as providing a high level of actual identity
> assurance and authentication may be entitled to a little more
> positive treatment than domains whose certificates indicate only
> that the entity involved was able to obtain a domain.  I'm not
> suggesting treating the latter badly, only that, as your policy
> moves down a path in which someone can get normal, U-label
> display, for their IDNs by any of several mechanisms, it may be
> worth considering high-quality / high-assurance identity
> certificates as another one of those mechanisms.
>
>
>>> (3) Personally, I'd add a user-specific FQDN (not TLD)
>>> whitelist to that list of hard exceptions.
>>
>> Users can technically add TLDs to the list. (I don't think
>> they can add FQDNs.)
>
> The thing I'm circling around is that we already see
> www.KnownGoodGuy.SuspectDomain and see if frequently.  We may
> see it even more with ICANN's new TLD program.  There ought to
> be ways for those <known good guys> who find themselves in TLDs
> who haven't made you happy, to get normal display.  The
> certificate idea above is one way, user-supplied FQDN
> whitelisting (by bookmarks or otherwise)  might be another.  To
> make the problem here more clear, assume that "mozilla" required
> a non-ASCII character to write.  www.mozilla.org would still
> work because you have whitelisted ORG and PIR.  But, if some
> user types in "www.mozilla.com", you'd really like them to see
> native characters even though COM and VGRS are not whitelisted.
>
>>> In order to avoid even more
>>> databases/ tables, suppose you checked a string to be
>>> displayed against the user's bookmark list _and_ created some
>>> extra warning and explanation if the user decided to bookmark
>>> a string that you considered suspicious.  If the user decided
>>> to bookmark the site despite those warnings/ explanations,
>>> maybe you should believe that he or she knows what they are
>>> doing and get out of the way.
>>
>> I'm not sure enough users use bookmarks in the "traditional"
>> way like that (or at all) for it to be a good idea to bake
>> them into the security strategy.
>
> Don't know.  FWIW, I feel the same way about using email address
> lists as a part of a security strategy -- but the approach seems
> to be hugely popular.
>
>>> (4) While I think the new classification data for "Common" and
>>> "Inherited" scripts that Mark identifies will be useful,
>>> especially to registries who are trying to make intelligent
>>> decisions about what to accept, I want to caution against
>>> doing anything at lookup time that is dependent on an inferred
>>> language.
>>
>> I tried to write the document in terms of "script", not
>> "language" - I understand the perils of trying to infer the
>> latter. Are you suggesting I haven't succeeded? If so, point
>> me at the broken bits.
>
> I think your text is fine.  The problem is that one can't get
> very far with labels in some scripts without including some
> "Common" or "Inherited" characters.  But, for a given label,
> which characters from those groups should be treated as part of
> the same script as the other characters in the label is going to
> depend at least on script (e.g., for Latin Script, some Common
> or Inherited characters are going to be appropriate and should
> not result in the label being treated as mixed-script, but
> others are not).  However, if you wanted a high-quality test,
> the answer to "which Common and/or Inherited characters should
> be permitted with the other characters in this label (without
> getting the label flagged as mixed-script)" requires language
> knowledge.  I don't think you should go there but, if you don't,
> everyone needs to understand that the test being made is fairly
> weak.
>
>>> (5) One of the disadvantages of going to A-label display is
>>> that, while A-labels provide a good clue that something
>>> unusual is going on, users may vary widely as to whether that
>>> is taken as a warning sign or just one of many
>>> incomprehensible things that happens on the Internet.  If the
>>> user, grandmother or not, is using the network by rote and
>>> with the assumption that a great deal of it is just magic,
>>> then it is possible that any A-label is confusable with any
>>> other A-label.  As long as A-label display is rare and the
>>> user never has the experience of having an intended and safe
>>> FQDN displayed in A-labels, that is probably ok.  But,
>>> A-label display becomes common and some of the labels thus
>>> displayed are actually associated with reasonable domains and
>>> safe sites, the warning value of that technique will
>>> deteriorate significantly unless users can remember which
>>> A-labels have been visited before and are ok.  I don't think
>>> we can count on that.
>>
>> I agree that seeing A-labels should be a rare thing, and
>> perhaps one of the downsides of the current implementation is
>> that users might see them more often than one would like. I
>> hope the new proposal will reduce the incidence of this. Given
>> that, I can't quite see your point?
>
> Depending on where people browse and whether serious
> confusable-IDN-based attacks actually become popular, I don't
> think your new proposal is going to reduce the frequency with
> which people see A-labels enough to make a big difference.
>
>
>>...
>
> best,
>   john
>
> _______________________________________________
> Idna-update mailing list
> Idna-update <at> alvestrand.no
> http://www.alvestrand.no/mailman/listinfo/idna-update
Permalink | Reply | 1 comment |
headers
J-F C. Morfin | 8 Feb 12:44

Re: Proposed new Firefox IDN display algorithm

At 10:25 07/02/2012, Vint Cerf wrote:
At the risk of jumping in at mid-stream, it occurs to me that John's idea below (show U-label, show A-label, show Unicode character identifiers) is a variant of the "show source" that some users will choose to do for web pages, or "show original" for display of all the extra stuff that goes along with an email. Highlighting an FQDN and having a drop down opportunity to display it in various ways might be one way to help users signal this desire. Obviously, the u-label display won't work if the fonts aren't available.

Excellent remark. The only thing we need now is for the users to be able to send and receieve in a similar way (options or options on a TLD list with a default choosable option) non-filtered strings in the case of usages or TLDs not respecting IDNA2008 restrictions, like initially documented by ".su", a position that will most probably be adopted by most non-ICANN bound TLD managers (ccTLDs, private networks).
jfc




vint


On Tue, Feb 7, 2012 at 1:35 AM, John C Klensin <klensin <at> jck.com> wrote:


--On Tuesday, February 07, 2012 02:02 +0100 "J-F C. Morfin"
<jfc <at> morfin.org> wrote:

> At 21:24 06/02/2012, John C Klensin wrote:
>> Gerv,
>
> John,
>
> as long as we are talking of a Mozilla-IPI (International
> Plug-In) that can be used with a transparent Firefox and every
> other browser when in transparent mode, so we get the same
> result whatever the browser or we can use whatever other IPI
> approved by the local ISOC Chapter, ICANN, the national
> university association, ZDNet, the national ccTLD, etc. with
> Firefox there is no problem with IUsers.

I actually wasn't talking about that.  My reason is one of those
in which we may converge in the extreme case even if we disagree
on most of the details (I'm not sure we do).

I'm quite certain that there is no perfect solution to the
problems and alternatives to drive Gerv's policy (and other
policies in other browsers).   I think that the classic remedy
of "a good compromise is one that makes everyone equally
unhappy" is not a good solution in this type of human interface
situation.   And, while I really like the idea of Gerv and his
colleagues that every version of Firefox, on every platform and
in every language adaptation, should behave the same way wrt
IDNs, I'm not sure that is the most important objective.  In
particular, I think it is possible that ability to localize and
to adjust to different user usage pattern may be more important.

I'm also really, really afraid of the possible consequences of
widespread appearance appearance of "????" or other "tried to
display that and couldn't" situations.  I think that many of the
people who are concerned about confusion among characters are
paying too little attention to that one.

As a result, my preference is that:

(1) Different browsers try the ideas that they think will work
best so that we can all compare, ideas that are clearly good can
gradually spread, and, if it turns out that there are only
tradeoffs, users can make choices based on what suits their
needs and matches their taste.  Coming up with a universal
solution (or even a clear definition of a "transparent mode") at
this point seems to me to require knowledge that none of us
really have, independent of whether our guesses and hypotheses
agree or disagree.

(2) I deliberately didn't mention it in my long note but, from a
UI design standpoint, I'd like to see Firefox do two additional
things.

One is to provide a switch that permits a user to say "I think
I'm smarter than you are and am willing to take responsibility
for that belief and its consequences".  If set in this case (it
should obviously be off by default), it should simply disable
all of the "display algorithm" stuff, causing the browser to
display whatever it can in native character form.  From my point
of view, similar switches in other browsers to disable _their_
algorithms and approaches to the problem would be a good idea
too.  For reasons that I think I understand, I don't expect
Mozilla to provide that switch (or perhaps to provide it and
make it hard for any but the most sophisticated users to find),
but I still think it would be a good idea.

The second, and even more important, is that I believe the
browser should provide a very accessible, very easy-to-use,
transcoder for these labels.  The best UI may differ among
browsers and platforms, but, as an example for desktop machines,
I'd like to be able to right-click on a domain name or label or
even highlighted/ selected string and have all three of U-label
form, A-label form, and a list of Unicode code points (in U+NNNN
or \u'NNNN' form) easily available.  For the user who does know
what is going on (or who can learn) that particular
tool/facility is likely to be far more useful in the long run
than any collection of "we know more about this than you do and
are here to protect you" tools.  For what I think Gerv believes
is the more typical user (and he is probably right) such a tool
is, at worst, another feature like "display source" that will
never be used.

If I have to copy a string and carry it to another tool, the
value of the approach goes down significantly, not just because
the inconvenience might discourage me from checking strings I
ought to check, but because the uncertainties of copy-and-paste
operations might yield false results.

As a trivial, ASCII-only, example, if I see "rn" on a small
screen and in poor light, it would be a huge advantage to be
able to be able to get the browser to show me code points that
would tell me if I'm looking at U+006D or at U+0072 U+006E.
Similar examples for far more complex IDN cases should be
obvious.  For that set of examples, the code point list is
likely to be a lot more useful than an A-label.  There will
likely be other cases where the A-label (or the U-label if the
A-label is displayed) will be more useful.  FWIW, such a
facility will, IMO, become even more important if we start
seeing wide deployment of non-trivial IRIs (and, for them,
%-encoded UTF-8 needs to be on the list of forms that can be
seen or obtained too).


> This is why I suggest that your mail is published as an
> extension of RFC 5895.

I actually don't think it has much to do with 5895.  Independent
of that, if others think it is useful enough, I could certainly
put it together either as an I-D  that might lead to an RFC or
as an article for publication elsewhere.   At least at this hour
of the night, I'd guess the latter might be more appropriate, if
only because the IETF and the RFC Series rarely go that far down
the path toward UI design.

best,
   john



_______________________________________________
Idna-update mailing list
Idna-update <at> alvestrand.no
http://www.alvestrand.no/mailman/listinfo/idna-update


_______________________________________________
Idna-update mailing list
Idna-update <at> alvestrand.no
http://www.alvestrand.no/mailman/listinfo/idna-update 
_______________________________________________
Idna-update mailing list
Idna-update <at> alvestrand.no
http://www.alvestrand.no/mailman/listinfo/idna-update
Permalink | Reply | 1 comment |
headers
Gervase Markham | 20 Jan 19:38
Picon
Favicon
Gravatar

Proposed new Firefox IDN display algorithm

Thanks to all on this list who provided input; I have taken several of 
your suggestions into this proposal for a change to the way Firefox 
chooses how to display IDNs:

https://wiki.mozilla.org/IDN_Display_Algorithm

Comments, particularly on the "Possible Issues and Open Questions", 
would be very welcome.

Gerv
Permalink | Reply | 26 comments |
headers
JFC Morfin | 5 Jan 13:56

IUCG initial comment to ICANN

FYI, since my e-mail is blocked on this list, I sent this mail to ICANN.
jfc

---------------------

Gentlemen,

the IUCG accompanies the iucg <at> ietf.org non-WG mailing list. Its 
purpose is to permit Internet, and IETF users to contribute to the 
architecture, technology and practice of their own multitechnology 
Integrated and Intelligent Use (IUse) of the whole digital ecosystem. 
In the considered area it therefore explores the architectural 
support of polynymy (strict synonymy in a different context) and 
orthotypography (typographical syntax of a language) that IDNA2008 
does not consider but locates in the user part of the presentation 
layer support (RFC 5895).

We plan having a debate on the VIP report in the coming weeks and 
meet the Jan 31, 2012 deadline. We could not engage into such a 
debate prior to the publication of the report (however some of our 
members participated to the WG/VIP discussion) because we have 
difficulties in understanding how it fits in our targets.

Our priority is: how to implement IDNA2008 (i.e. the RFC set from RFC 
5890 to RFC 5895) on the user side (what we called the IDNA2010 
project) and to organize its mutual interadministration (what we 
called the IDNA2012 project).

1. The ICANN charter of the work 
(http://www.icann.org/en/topics/new-gtlds/idn-variant-tlds-delegation-20apr11-en.pdf):

- does not quote IDNA as architecture, only as an area of expertise 
for DNS experts.
- does not refer to IDNA2008 or to any other RFC. The only RFC which 
is quoted (in a note) is the RFC 3743 to define a possible meaning of 
the key word "variant".

We therefore had to wait for the completion of the 
http://www.icann.org/en/topics/new-gtlds/idn-vip-integrated-issues-23dec11-en.pdf 
draft to review a complete and homogeneous set of positions.

2. When we first discovered that document we decided to work out first:

- an IUWW version (i.e. a working wiki). This is underway.
- the missing executive summary which is necessary for a constructive 
debate over a document of 108 pages plus substantial annexes.
- a general "Internet+" framework integrating the IAB/IETF end to end 
network now finalized capacities within the fringe to fringe 
Intelligent Use solutions we need and expect.

This post-IDNA2008 "Internet+" people centric (cf. WSIS  [World 
Summit on Information Society] unanimous resolution) framework has to 
be in continuity with the RFC 1287, RFC 1958 and RFC 3439, respecting 
the RFC 3935, attentive to RFC 3869, following the ICANN-ICP-3 
requirements, in phase with the responses we obtained from the IESG 
and IAB and able to positively take advantage from the VIP work, the 
ICANN Affirmation of Commitment with the US Government (and hopefully 
all the other similar affirmation jointly signed with GAC Members) as 
well as other contributions received or expected from other 
multilinguistics (as the discipline of the linguistic coexistence) 
and digital architecture oriented agoras.

Regards.

JFC Morfin
Facilitator, iucg <at> ietf.org
Permalink | Reply | 0 comments |

Gmane