RE: IDNAbis Goals
John C Klensin <klensin <at> jck.com>
2006-12-04 16:32:05 GMT
I agree with Martin (below), but want to make one additional
With the understanding that I don't believe it will be necessary
to do anything radical and that, to my knowledge, no one is
proposing it at this point, I think we need to understand and
(1) The purpose of IDNs is in use and usability, not in
what can be registered, or has been registered, or that
might be registered.
(2) If IDNs are successful in satisfying some real need
(and that has _not_ yet been demonstrated, IMO), then,
however many users (and registrations) there are of IDNs
today, they are a tiny, tiny fraction of the user and
registrations numbers that will be associated with them
a few years out.
(3) Conversely, if IDNs are not going to be successful
in their current form, or any compatible modification of
their current form, everything we are doing now will
turn out to have been a brave effort to save the
unsalvageable. In the long term, registrations will
taper off and decrease because no one will care and all
of the machinery is a lot of clutter and an unnecessary
risk from attacks.
Now, given that, if we concluded that IDNs were not useful today
and/or posed high risk, and that some change would create
something that was useful, then we would be justified in making
that change, even if it involved, not only a change of prefix
but a fundamental change in the underlying algorithms. Not only
would users benefit, but even registrars and registries would
benefit because, regardless of the short-term pain of a
transition, the implications of (2) and (3) would suggest that
the money would lie in moving toward a system that people would
want to use.
Again, I'm not suggesting that anything drastic will be
necessary. I don't think it will be. But I also don't think it
is useful to base today's decisions on counting up the number of
names that are registered today and trying to classify them. If
IDNs are actually important and changes are necessary, there are
not enough registrations today to be significant.
However, the reality of the proposals being made now is that, as
Martin suggests, we are talking about making changes that would
impact a small number of fringe cases. Even most of those are
fringe cases that violate recommendations that have been on the
books since around the time the standards were approved.
Because applications software has been modified over the last
year or two to enforce those recommendations (by display of
punycode, rather than more natural characters and glyphs) even
when registries do not, the practical value of many of the
fringe-case names have already been severely reduced in the
marketplace. Distorting the outcome of this work to accommodate
those fringe cases would be, IMO, not in the best long-term
interests of the Internet, and especially not in the best
long-term interests of those users who need IDNs most. Put
differently and more bluntly, it would be truly stupid.
p.s. If one wants to think about this strictly from a registry
perspective, I would suggest that, long-term, only those IDNs
that one can count on having displayed to users in native-script
form (in the overwhelming number of cases for which they are
likely to be accessed) count in any way at all. The market for
punycode strings that will almost always display as punycode
strings, possibly with highlighting in whatever color is
localized as representing "warning of evil", is, inevitably,
going to be very limited. We already know that the browser
vendors, who feel some obligation to protect users, will do
exactly that with names they consider suspicious. While their
algorithms differ, fringe-case names almost certainly meet
reasonable criteria for "suspicious".
>From lots of prior experience with transitions of Internet
applications, we can also predict that, if we tell an
applications developer to stop supporting a particular case, the
code is unlikely to come out unless that developer is either
convinced that it will never be used or that it is actively
harmful and risky.
So the transition strategy for marginal names is (i) see if they
have a long-term future in display in native form and (ii) if
not, let them expire when they expire. The decision as to
whether to offer preferential registrations of better choices as
an alternative is a business decision, but I suggest it might be
a good one for several reasons.
--On Monday, 04 December, 2006 18:53 +0900 Martin Duerst
<duerst <at> it.aoyama.ac.jp> wrote:
> I have to say that I agree with Vint to some extent,
> and with Marcos to some extent. See below for details.
> At 05:35 06/12/02, Marcos Sanz/Denic wrote:
>>> We probably should take into account as much as we are able
>> registered domain names as opposed to those that might
>>> have been registered under the earlier rules. Also, one
>>> wonders to what
>> extent those IDNs that have been registered have been part
>>> of the domain name parking business as opposed to domain
>>> names for what
>> I will call functioning Internet destinations (not only
>>> web sites but other services also).
> In the case of IDNs, one should be careful when talking about
> "functioning destinations". There is a large number of
> registrations that have been made in good faith, and that are
> just not activated yet because before IE7 and before top level
> IDNs (the two main milestones I identified for myself when
> attending the ICANN meeting in Kuala Lumpur, about two years
> ago), deployment didn't make sense. While it is difficult to
> find hard criteria to distinguish these from domains that have
> just been bought for speculation, there is clearly such a
>> It may be that not many
>> registrations fall into the area of backward incompatibility.
>> That is a new, broken definition of "backward
>> Gentlemen, if the work of this group would render invalid
>> some existing IDN (never mind if "parked" or "functioning"
>> or at second or eighth level), I think it's in scope to
>> determine a mechanim for support/migration of those.
> I think that for most cases, the actually registered domain
> names are among those that still will be allowed under any
> kind of new rules. The discussion here is just about fringe
> cases. A particular fringe case is tests and other
> registrations made just to prove a point.
> A very good example is the now infamous paypal homograph
> attack. http://www.p&1072;ypal.com was registered not for
> inherent interest in this domain, but just to prove a point,
> in early 2005. For good reasons, this registration was quickly
> Another example would be a registration including one of the
> sequences in
> These are totally theoretical, yet allowed (and not normalized
> away) on a strict reading of stringprep. The only reason I can
> immagine that anybody would make such a registration is to
> check what exactly happens for such sequences, or to try to
> claim that they exist in practice to somehow influence
> the update of IDNA in an unproductive way.
> It would be a bad idea to predispose the work ahead by such
> marginal issues.
> As for migration, the world doesn't run out of domain names
> soon. So offering somebody a better alternative for what
> was probably a bad choice in the first place will help
> everybody, and should keep everybody happy.
> Regards, Martin.
># -#-# Martin J. Du"rst, Assoc. Professor, Aoyama Gakuin
># University -#-# http://www.sw.it.aoyama.ac.jp
># mailto:duerst <at> it.aoyama.ac.jp
> Idna-update mailing list
> Idna-update <at> alvestrand.no