IDNA (Internationalized Domain Names) update

Nick Teint | 6 Jul 2010 12:14

Re: UTF-8

2010/6/26 John C Klensin <klensin <at> jck.com>:
> --On Saturday, June 26, 2010 11:54 +0200 Nick Teint
> <nick.teint <at> googlemail.com> wrote:
>> Sometimes, you _do_ want ACEs to leak into the UI:
>> 1. Your user does not know the script. Displaying an ugly ACE
>> string is better than displaying some
>> known-to-be-unrecognisable characters.*
>> 2. You don't have the fonts. Displaying an ugly ACE string is
>> better than displaying "???????".
>
> Both of these points have been made many times before.  Note
> that  "???????" and its equivalents (e.g., row of little boxes)
> are universal confusables -- they can be confused with, and
> match in user perception, _any_ string for which the user does
> not have fonts.  For the cautious user, that should be a strong
> warning.

These two arguments are not about phishing.

While certainly not the preferred form for human consumption, the ACE
form does enable some basic usage patterns such as noting the name
down on paper, reading it aloud over the phone, etc. These tasks are
simply not possible with an unfamiliar script or ersatz characters.

Gibberish out of known characters (a subset of the Latin script) is
still better than gibberish that consists of unknown or
indistinguishable characters.

>> 3. The string contains conspicuous confusables. Displaying an
>> ugly ACE string is better than displaying a

(Continue reading)

Shawn Steele | 6 Jul 2010 18:45

Picon

RE: UTF-8

>> Sometimes, you _do_ want ACEs to leak into the UI:
>> 1. Your user does not know the script. Displaying an ugly ACE
>> string is better than displaying some
>> known-to-be-unrecognisable characters.*
>> 2. You don't have the fonts. Displaying an ugly ACE string is
>> better than displaying "???????".

I somewhat disagree.  To most users, xn--qwerty is no different that xn--querty.  In that case, EVERYTHING
is confusable, no different than your case #2.
(In case #1 the user can probably still notice at least a few differences).

> While certainly not the preferred form for human consumption, the ACE
> form does enable some basic usage patterns such as noting the name
> down on paper, reading it aloud over the phone, etc. These tasks are
> simply not possible with an unfamiliar script or ersatz characters.

Possibly true, but is that at all helpful?  If I can't read a script for a web site's domain name, then very
likely that web site is unusable to me, so it matters very little if I can transcribe it.  If your web site is
useful to me, you probably have a CNAME, DNAME, or something else with an ASCII address or other script I can
read.  Even if I'm collecting data for a 3rd party users, like maybe an index of all the breweries I can find,
then I'd likely still want to be able to publish the URLs in a script targeted at the end users that can use the
web site.

> Gibberish out of known characters (a subset of the Latin script) is
> still better than gibberish that consists of unknown or
> indistinguishable characters.

Just barely.

> I doubt it be better. Big warnings have problems of their own,

(Continue reading)

Nicolas Williams | 6 Jul 2010 18:51

Picon

Re: UTF-8

On Tue, Jul 06, 2010 at 12:14:17PM +0200, Nick Teint wrote:
> 2010/6/26 John C Klensin <klensin <at> jck.com>:
> 
> These two arguments are not about phishing.
> 
> While certainly not the preferred form for human consumption, the ACE
> form does enable some basic usage patterns such as noting the name
> down on paper, reading it aloud over the phone, etc. These tasks are
> simply not possible with an unfamiliar script or ersatz characters.
> 
> Gibberish out of known characters (a subset of the Latin script) is
> still better than gibberish that consists of unknown or
> indistinguishable characters.

ACE certainly can look like gibberish, and ACE can be confusable.  For
example, xn--fo-6ja, xn--fo-3ja, xn--fo-oja and so on -- pretty close,
but not the same.

In other words, I'm not sure we can win here.

As for '?' and the such: if users treat them as wildcards, that is bad,
but if users treat them as an indication that something is broken, then
that's much better.  It'd be nice to know which way most users are
likely to respond.  My intuition says that if you display garbage that
can't even correctly by cut-n-pasted then we're reasonably safe.  But
that's just intuition, and it only applies when you either can't
represent a label in the user's locale or lack the fonts...

Hmmm, maybe apps and even systems could have a setting where a user can
say that any domainname labels using scripts that the user doesn't

(Continue reading)

=JeffH | 18 Jul 2010 17:07

-idnabis-defs-13: comment on figure 1

Hi,

the figures in -idnabis-defs-13 are very useful, thanks for including them.

Though, I found the labeling of the sets in figure 1 a tad confusing. If I'm 
interpreting the figure correctly, then this is the way I would label the sets...

       __________________________________________________________________
       |                              ASCII-LABEL                       |
       |    _________________________________________________________   |
       |    |            LDH-LABEL (1) (4)                          |   |
       |    |  ___________________________________                  |   |
       |    |  |IDN Reserved LDH Labels          |                  |   |
       |    |  | ("??--") or R-LDH LABELS        | _______________  |   |
       |    |  | _______________________________ | |NON-RESERVED |  |   |
       |    |  | |       XN LABELS             | | | LDH LABELS  |  |   |
       |    |  | | _____________   ___________ | | | (NR-LDH     |  |   |
       |    |  | | | A-labels  |   | Fake (3) || | |   LABELS)   |  |   |
       |    |  | | | "xn--"(2) |   | A-labels || | |_____________|  |   |
       |    |  | | |___________|   |__________|| |                  |   |
       |    |  | |_____________________________| |                  |   |
       |    |  |_________________________________|                  |   |
       |    |_______________________________________________________|   |
       |       __________________________________                       |
       |       |            NON-LDH-LABEL       |                       |
       |       |      ______________________    |                       |
       |       |      | Underscore labels  |    |                       |
       |       |      |  e.g. _tcp         |    |                       |
       |       |      |____________________|    |                       |
       |       |      | Labels with leading|    |                       |

(Continue reading)

=JeffH | 19 Jul 2010 02:13

Re: -idnabis-defs-13: comment on figure 1

when I sent the comment i didn't realize you all are sitting in AUTH48 with 
this passel of specs.

nevermind, it's a just a nit.

sorry for any trouble.

=JeffH

=JeffH | 19 Jul 2010 02:42

non-IDNA LDH Label ?

Is it correct to define the notion of "non-IDNA LDH Labels" as the union of 
"NR-LDH labels" and "Fake A-labels" ?

(figure 1 from -idnabis-defs-13 included below for convenience)

In other words, do "Fake A-labels" exist in the wild (whether or not their 
creation was purposeful or inadvertant) ?

thanks,

=JeffH

        __________________________________________________________________
        |                              ASCII-LABEL                       |
        |    _________________________________________________________   |
        |    |            LDH-LABEL (1) (4)                          |   |
        |    |  ___________________________________                  |   |
        |    |  |IDN Reserved LDH Labels          |                  |   |
        |    |  | ("??--") or R-LDH LABELS        | _______________  |   |
        |    |  | _______________________________ | |NON-RESERVED |  |   |
        |    |  | |       XN LABELS             | | | LDH LABELS  |  |   |
        |    |  | | _____________   ___________ | | | (NR-LDH     |  |   |
        |    |  | | | A-labels  |   | Fake (3) || | |   LABELS)   |  |   |
        |    |  | | | "xn--"(2) |   | A-labels || | |_____________|  |   |
        |    |  | | |___________|   |__________|| |                  |   |
        |    |  | |_____________________________| |                  |   |
        |    |  |_________________________________|                  |   |
        |    |_______________________________________________________|   |
        |       __________________________________                       |
        |       |            NON-LDH-LABEL       |                       |

(Continue reading)

Nicolas Williams | 19 Jul 2010 18:16

Picon

Re: non-IDNA LDH Label ?

On Sun, Jul 18, 2010 at 05:42:12PM -0700, =JeffH wrote:
> Is it correct to define the notion of "non-IDNA LDH Labels" as the
> union of "NR-LDH labels" and "Fake A-labels" ?

I believe the answer is "no" because one should not register fake
A-labels.  However, this is a "soft" no because there's no strong
requirement to not allow registration of fake A-labels.

In the long run I'd expect that there will be apps and/or libraries that
will produce warnings, and even errors when fed fake A-labels, even if
that's not today either required nor recommented, and even if it were
explicitly not allowed.  Which means: we're all best off not allowing
the registration of fake A-labels in any DNS zones, and renaming any
where they exist.

> In other words, do "Fake A-labels" exist in the wild (whether or not
> their creation was purposeful or inadvertant) ?

It's possible.  It's always been accepted that the IDNA prefix (xn--)
could collide with existing labels.  It's just not very likely.

Nico
--

--

Shawn Steele | 19 Jul 2010 18:20

Picon

RE: non-IDNA LDH Label ?

I'd expect some "fake" a-labels due to the disparity of allowed code points between 2003 and 2008. 
Presumably some labels will be fake by one or the other.

-Shawn

 
http://blogs.msdn.com/shawnste

________________________________________
From: idna-update-bounces <at> alvestrand.no [idna-update-bounces <at> alvestrand.no] on behalf of Nicolas
Williams [Nicolas.Williams <at> oracle.com]
Sent: Monday, July 19, 2010 9:16 AM
To: =JeffH
Cc: idna-update <at> alvestrand.no
Subject: Re: non-IDNA LDH Label ?

On Sun, Jul 18, 2010 at 05:42:12PM -0700, =JeffH wrote:
> Is it correct to define the notion of "non-IDNA LDH Labels" as the
> union of "NR-LDH labels" and "Fake A-labels" ?

I believe the answer is "no" because one should not register fake
A-labels.  However, this is a "soft" no because there's no strong
requirement to not allow registration of fake A-labels.

In the long run I'd expect that there will be apps and/or libraries that
will produce warnings, and even errors when fed fake A-labels, even if
that's not today either required nor recommented, and even if it were
explicitly not allowed.  Which means: we're all best off not allowing
the registration of fake A-labels in any DNS zones, and renaming any

(Continue reading)

John C Klensin | 19 Jul 2010 18:41

RE: non-IDNA LDH Label ?

--On Monday, July 19, 2010 16:20 +0000 Shawn Steele
<Shawn.Steele <at> microsoft.com> wrote:

> I'd expect some "fake" a-labels due to the disparity of
> allowed code points between 2003 and 2008.  Presumably some
> labels will be fake by one or the other.

As a set of concrete examples, any label containing a symbol or
punctuation character (most of which were valid under IDNA2003)
becomes a "Fake A-label" with IDNA2008 because it cannot be
obtained by applying the Punycode algorithm to a valid U-label.
Although it was against ICANN (and other) advice, several zones
have permitted such things to be registered.   

The list would get much longer if zones registered things that
were dubious, but not invalid for lookup, under IDNA2003.  An
example of that would be a label that included characters new to
Unicode 4.0 or 5.0 for which someone has extrapolated Nameprep
handling.  I suspect that has been done but, unlike the symbol
case, I can't immediately point to specific examples.

      john

Group

gmane.ietf.idnabis.

Project Web Page

IDNA (Internationalized Domain Names) update

Search Archive

Page

1

Articles in period: 9

July 2010

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

An implementer's lament (28 Nov 2012)
Updating RFC 5890-5893 (IDNA 2008) to Full Standard (18 Nov 2012)
Updating RFC 5890-5893 (IDNA 2008) to Full Standard (16 Nov 2012)
Updating RFC 5890-5893 (IDNA 2008) to Full Standard (15 Nov 2012)
Lookup for reserved LDH labels (6 Nov 2012)
[Editorial Errata Reported] RFC5892 (3312) (9 Aug 2012)
confusing notation in the ZERO WIDTH NON-JOINER contextual rule (6 Aug 2012)
how did the idna theory start? (1 Jul 2012)
WG Last Call for draft-ietf-websec-strict-transport-sec (21 Mar 2012)
Draft on IDN Tables in XML (13 Mar 2012)
Draft on IDN Tables in XML (12 Mar 2012)
Draft on IDN Tables in XML (11 Mar 2012)
Draft on IDN Tables in XML (1 Mar 2012)
[vip] Final Integrated Issues Report and Project Plan for Next Steps N (22 Feb 2012)
ICANN variant project update (21 Feb 2012)
Proposed new Firefox IDN display algorithm (20 Feb 2012)
Proposed new Firefox IDN display algorithm (8 Feb 2012)
Proposed new Firefox IDN display algorithm (20 Jan 2012)
IUCG initial comment to ICANN (5 Jan 2012)
ICANN variant project update (4 Jan 2012)
Browser IDN display policy: opinions sought (25 Dec 2011)

Archives

65	November 2012
4	October 2012
13	August 2012
10	July 2012
42	March 2012
27	February 2012
11	January 2012
125	December 2011
2	November 2011
28	October 2011
18	September 2011
12	August 2011
5	July 2011
1	June 2011
27	May 2011
34	April 2011
49	March 2011
45	February 2011
58	January 2011
29	December 2010
29	November 2010
126	October 2010
16	September 2010
9	July 2010
81	June 2010
1	May 2010
47	March 2010
70	February 2010
22	January 2010
553	December 2009
108	November 2009
202	October 2009
219	September 2009
250	August 2009
494	July 2009
47	June 2009
29	May 2009
294	April 2009
536	March 2009
228	February 2009
90	January 2009
282	December 2008
131	November 2008
270	October 2008
70	September 2008
93	August 2008
244	July 2008
74	June 2008
308	May 2008
226	April 2008
498	March 2008
168	February 2008
178	January 2008
102	December 2007
33	November 2007
1	September 2007
5	July 2007
112	June 2007
11	April 2007
17	March 2007
40	February 2007
78	January 2007
300	December 2006
96	November 2006
1	October 2006

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template