john daw | 3 Nov 18:14 2010
Picon

IDNA 2008 Question Re: "Confusable" Characters in Domain Names

Dear List Members,

I am a little unclear what impact the IDNA 2008 policy will have on
domain name registrant's who have a domain that does not fall under
the policy's permissible code-points, particularly symbol-based domain
names.

The IDNA 2008 protocol clearly explains what code point are permissible,
but what (in practice) will it mean if someone types in e.g. €.com in their
browser under IDNA 2008?

I do realise that an error message may be displayed, but will IDNA 2008 
allow the domain name registrant to satisfy the user's query by forwarding
them on to a different (legal) domain name?

I will hope to hear any replies on this matter.

Regards,

John Daw
_______________________________________________
Idna-update mailing list
Idna-update <at> alvestrand.no
http://www.alvestrand.no/mailman/listinfo/idna-update
Nicolas Williams | 3 Nov 18:27 2010
Picon

Re: IDNA 2008 Question Re: "Confusable" Characters in Domain Names

On Wed, Nov 03, 2010 at 05:14:55PM +0000, john daw wrote:
> Dear List Members,I am a little unclear what impact the IDNA 2008
> policy will have ondomain name registrant's who have a domain that
> does not fall underthe policy's permissible code-points, particularly
> symbol-based domainnames.The IDNA 2008 protocol clearly explains what
> code point are permissible,but what (in practice) will it mean if
> someone types in e.g. €.com in theirbrowser under IDNA 2008?I do
> realise that an error message may be displayed, but will IDNA 2008
> allow the domain name registrant to satisfy the user's query by
> forwardingthem on to a different (legal) domain name?I will hope to
> hear any replies on this matter.Regards,John Daw 		 	   		  

Is this a good translation of your question:

    Are TLD registrars allowed to include CNAME RRs for domains
    otherwise not allowed either by IDNA2008 or by the registrar?

?

Nico
--

-- 
_______________________________________________
Idna-update mailing list
Idna-update <at> alvestrand.no
http://www.alvestrand.no/mailman/listinfo/idna-update
Vint Cerf | 3 Nov 18:58 2010
Picon

Re: IDNA 2008 Question Re: "Confusable" Characters in Domain Names

If your browser is operating under purely idna2008 rules the lookup should fail. But some implementations may permit the lookup without verfying the legality of the characters in the lookup string. V

From: idna-update-bounces <at> alvestrand.no <idna-update-bounces <at> alvestrand.no>
To: idna-update <at> alvestrand.no <idna-update <at> alvestrand.no>
Sent: Wed Nov 03 13:14:55 2010
Subject: IDNA 2008 Question Re: "Confusable" Characters in Domain Names

Dear List Members,

I am a little unclear what impact the IDNA 2008 policy will have on
domain name registrant's who have a domain that does not fall under
the policy's permissible code-points, particularly symbol-based domain
names.

The IDNA 2008 protocol clearly explains what code point are permissible,
but what (in practice) will it mean if someone types in e.g. €.com in their
browser under IDNA 2008?

I do realise that an error message may be displayed, but will IDNA 2008 
allow the domain name registrant to satisfy the user's query by forwarding
them on to a different (legal) domain name?

I will hope to hear any replies on this matter.

Regards,

John Daw
_______________________________________________
Idna-update mailing list
Idna-update <at> alvestrand.no
http://www.alvestrand.no/mailman/listinfo/idna-update
J-F C. Morfin | 4 Nov 03:55 2010

Re: IDNA 2008 Question Re: "Confusable" Characters in Domain Names

John,

The question is quite confusing. So let us go through it step by step. As,

At 18:58 03/11/2010, Vint Cerf wrote:
If your browser is operating under purely idna2008 rules the lookup should fail. But some implementations

that you may also use on your own, same computer...

may permit the lookup without verfying the legality of the characters in the lookup string. V

and resolve differently.

1. Let us try it

on my ISP, which does not seem to offer a good 404 commercial replacement, if I enter €.com:

- Firefox: "Firefox ne peut trouver le serveur 'adresse www.xn--lzg.com". - Cannot find the host at address www.xn-lzg.com (please note: "address")

- Explorer: echoes €.com as xn--lzg.com, says that IE did not find the €.com page and suggests to  either access the hm.-com page or to search on Google, which also does not know "€", so back to Explorer for a second try and this time the suggestion is for "hm.com", and the final resolution is the http://hm.com page of H&M (please note: "page").

- Chrome: it states that it was unable to find the xn--lzg.com page (please note: "page") and proposes for me to access either: xn--lzg.net, xn--lzga.com, xn--ozg.com, or to search Google for... "lzg".
 
With xn--lzg.net:  I reach a "€ - euro - €" website accompanied by Google ads.
With xn--lzga.com: I reach a Klader.nu portal selling me plenty of exciting domain names, including £££.net and €ngland.com
With xn--ozg: I get a Bad Request (Invalid Hostname) from an unknown destination
When I google "lzg", I get 534,000 results.

- nslookup (prompt): my Internet box states that  "_.com" is a non-existent domain (please note; "domain")

- ftp .com: the computer responds "unknown host" (please note: "host"),

etc.

2. What’s the reason for these exotic answers?

There are at least three reasons:

2.1. IDNA2003 permitted possibilities that are supported differently by browsers (as tested above).

2.2. IDNA2008 purposely has a _no_ response to your question. IDNA2008 is only for the Internet side, and not for the user side. The user side is suggested (for information) to follow the indications of RFC 5895.

2.3. The IDNA concept of Internationalizing Domain Names in Applications (IDNA), as shown by the example above, is an architectural error on the user side. However, this error is in operation, so we needed to continue supporting it, to decide and document an alternative, to protect the Internet from it, and to transition from it. IDNA2008 protects the Internet in stating as to which Internet domain names labels are accepted by the Internet DNS. To document an architectural replacement (on the user side) is simpler now the Internet side is stabilized, but also much more complex because the IETF can only document SHOULDs outside of the Internet scope, i.e. in this case on the user side.

This means that now the IAB is to decide and document the IETF SHOULDs in that area (RFC under finalization). Several architectural possibilities can be considered as far as the user side MUSTs could be documented. Thereafter, the question of who would organize an authoritative documentation of these possibilities arises. As RFC 5895 puts it: this is an unusual case.

-----

Now, for your information, outside of the now closed WG/IDNABis but still probably subject to ISOC Copyright, we (IUsers) are working on exploring, testing, and authoritatively documenting one of these possibilities called the "ML-DNS", i.e. MultiLayer-DNS. I will describe it in an I_D when it has been finaly released as public domain (this copyright issue does not help ...).

I announced, from the very onset of the IDNABis work, as soon as the today still prevailing limits were self-imposed by the Chairs (previous WG/IDNA and WG/IDNAbis) that I would build-it on top of IDNA2008. It was possible for the IDNA2008 to be consensually agreed because the RFC 5895 proposed text in turn removed conflicts with the ML-DNS project. Once this was clarified (a fundamental change in the way the Internet supports diversity, any diversity), I made sure through an Appeal procedure that neither the IESG nor the IAB opposed that limitation to the IETF scope.

This clarified the IUser community area. It results from IDNA2008 and from the digital convergence [the Internet as an intertechnology network]. This is the area where any Intelligent Use of every possible digital system, including the Internet Use Interfacing (IUI), leads to the necessary respect of the IETF MUSTs. As far as the Internet is concerned, these MUSTs are world digital ecosystem network AREs, that no-Internet MUST can dispute.

In the ML-DNS, "€.com" may be given a meaning. However, that meaning,
(1) will be the same for every network and user application on your computer;
(2) will not conflict with IDNA 2008 on the Internet part of the World Digital Ecosystem Network;
(3) will be supported along the same rules by every IUser's ML-DNS. Please ensure to note that "same rules" does not necessarily mean " same IP resolution".

jfc

From: idna-update-bounces <at> alvestrand.no < idna-update-bounces <at> alvestrand.no>
To: idna-update <at> alvestrand.no < idna-update <at> alvestrand.no>
Sent: Wed Nov 03 13:14:55 2010
Subject: IDNA 2008 Question Re: "Confusable" Characters in Domain Names

Dear List Members,

I am a little unclear what impact the IDNA 2008 policy will have on
domain name registrant's who have a domain that does not fall under
the policy's permissible code-points, particularly symbol-based domain
names.

The IDNA 2008 protocol clearly explains what code point are permissible,
but what (in practice) will it mean if someone types in e.g. €.com in their
browser under IDNA 2008?

I do realise that an error message may be displayed, but will IDNA 2008
allow the domain name registrant to satisfy the user's query by forwarding
them on to a different (legal) domain name?

I will hope to hear any replies on this matter.

Regards,

John Daw
_______________________________________________
Idna-update mailing list
Idna-update <at> alvestrand.no
http://www.alvestrand.no/mailman/listinfo/idna-update
_______________________________________________
Idna-update mailing list
Idna-update <at> alvestrand.no
http://www.alvestrand.no/mailman/listinfo/idna-update
Andrew Sullivan | 4 Nov 16:08 2010

Re: IDNA 2008 Question Re: "Confusable" Characters in Domain Names

On Wed, Nov 03, 2010 at 12:27:37PM -0500, Nicolas Williams wrote:
>     Are TLD registrars allowed to include CNAME RRs for domains
>     otherwise not allowed either by IDNA2008 or by the registrar?

zone operators can, of course, do whatever they want in the zones they
operate, subject to whatever agreements they have about delegation.
But a CNAME wouldn't do much good, would it, since it will only
redirect the name itself and not any names underneath.

A

--

-- 
Andrew Sullivan
ajs <at> shinkuro.com
Shinkuro, Inc.
Nicolas Williams | 4 Nov 16:32 2010
Picon

Re: IDNA 2008 Question Re: "Confusable" Characters in Domain Names

On Thu, Nov 04, 2010 at 11:08:10AM -0400, Andrew Sullivan wrote:
> On Wed, Nov 03, 2010 at 12:27:37PM -0500, Nicolas Williams wrote:
> >     Are TLD registrars allowed to include CNAME RRs for domains
> >     otherwise not allowed either by IDNA2008 or by the registrar?
> 
> zone operators can, of course, do whatever they want in the zones they
> operate, subject to whatever agreements they have about delegation.
> But a CNAME wouldn't do much good, would it, since it will only
> redirect the name itself and not any names underneath.

Of course, but I was trying to understand if the OP was trying to ask
that question, as I couldn't imagine how else "redirects" might work at
the DNS level.  The OP's question just makes no sense to me.
Shawn Steele | 4 Nov 21:40 2010
Picon

RE: IDNA 2008 Question Re: "Confusable" Characters in Domain Names

I’d like to throw in my 2 cents.  Clearly a browser has no clue if the DNS layer is operating under IDNA2003 or IDNA2008 rules, nor even if the current browser supports post-IDNA2008 rules (like characters new to Unicode since IDNA2008).  Particularly since different zones could operate under different rules.  I think it’s likely that some browsers will have a relaxed set of rules, since strict adherence to any particular version would likely break names/zones, whether future or old.  The existence of UTS#46 seems to support the idea that some flexibility is desired.

 

IMO it’s not the client’s responsibility to say whether DNS rules are being followed, but rather the DNS layer’s responsibility to correctly resolve names and provide the appropriate errors when the name isn’t valid.

 

-Shawn

 

From: idna-update-bounces <at> alvestrand.no [mailto:idna-update-bounces <at> alvestrand.no] On Behalf Of Vint Cerf
Sent: Poʻakolu, Nowemapa 03, 2010 10:58 AM
To: taliskermoon <at> hotmail.co.uk; idna-update <at> alvestrand.no
Subject: Re: IDNA 2008 Question Re: "Confusable" Characters in Domain Names

 

If your browser is operating under purely idna2008 rules the lookup should fail. But some implementations may permit the lookup without verfying the legality of the characters in the lookup string. V

 

From: idna-update-bounces <at> alvestrand.no <idna-update-bounces <at> alvestrand.no>
To: idna-update <at> alvestrand.no <idna-update <at> alvestrand.no>
Sent: Wed Nov 03 13:14:55 2010
Subject: IDNA 2008 Question Re: "Confusable" Characters in Domain Names

Dear List Members,

 

I am a little unclear what impact the IDNA 2008 policy will have on

domain name registrant's who have a domain that does not fall under

the policy's permissible code-points, particularly symbol-based domain

names.

 

The IDNA 2008 protocol clearly explains what code point are permissible,

but what (in practice) will it mean if someone types in e.g. €.com in their

browser under IDNA 2008?

 

I do realise that an error message may be displayed, but will IDNA 2008 

allow the domain name registrant to satisfy the user's query by forwarding

them on to a different (legal) domain name?

 

I will hope to hear any replies on this matter.

 

Regards,

 

John Daw

_______________________________________________
Idna-update mailing list
Idna-update <at> alvestrand.no
http://www.alvestrand.no/mailman/listinfo/idna-update
J-F C. Morfin | 4 Nov 22:09 2010

RE: IDNA 2008 Question Re: "Confusable" Characters in Domain Names

At 21:40 04/11/2010, Shawn Steele wrote:
>IMO it’s not the client’s responsibility to say whether DNS 
>rules are being followed, but rather the DNS layer’s 
>responsibility to correctly resolve names and provide the 
>appropriate errors when the name isn’t valid.

Correct. All what is expected from the client is to be transparent to 
the user entry when its "IDNinA" support is not requested. Whatever 
the kind of DNS "IDNApplication" front-end used by the  user, it must 
be able to receive the very entry the user has keyed.
jfc
   
john daw | 5 Nov 15:17 2010
Picon

RE: IDNA 2008 Question Re: "Confusable" Characters in Domain Names

JFC Morfin wrote:

2.3. The IDNA concept of Internationalizing Domain Names in Applications (IDNA), as
shown by the example above, is an architectural error on the user side. However, this
error is in operation, so we needed to continue supporting it, to decide and document
an alternative, to protect the Internet from it, and to transition from it.

----------

I agree with this, and must say that i'm not involved in the architecture of the Internet in
any way, as my original email might suggest. €.com, however, ought to be "supported"
as an existing domain name that is currently in operation.

To make the decision not to support such a domain name is directly in defiance of the
principles that I *believed* the Internet was founded upon. €.com was probably not a
good example to give, however, as it currently has no content on the name.

£.com, denoting the British pound, is perhaps a better example as the owner has had a
working site on this domain name since 2004.

Regarding this thread, here is a little "food for thought":

1. Out of the hundreds of (potential) symbol-based domain names in the world, there
are really only two domains that IDNA 2008 significantly effects, from a commercial
standpoint, €.com and £.com. They are the only two "famous" symbol-based domain 
names in the world, that are also immediately type-able on many country keyboards.

When were the registrant's of those domain names ever informed that "some day soon" 
they will wake up to find their Internet presence has just been made null and void?... No
warning, no consultation, nothing.

Tina Dam recently stated, publicly, that IDN registrant's have always been made aware
of the idea that IDN is a "test bed" and that normal registration rights do not apply. In
practice, however, this is completely untrue. In fact, over the last nine years or so, ICANN
accredited registrar's have gleefully and dutifully promoted the registration and use of
the (now) so-called "confusable" domain names with no warnings whatsoever.

2. What are the decision-making principles behind the idea that symbol-based domains
(symbols are a necessary and legitimate part of every keyboard in the world) should
suddenly be deleted from the Internet landscape?... Who has made these decisions, and
how and why have they been able to decide to exclude them from use?

Certainly, the often-touted "phishing" argument can't be used, or some romantic notion
about protecting the Internet or it's users. Of course, no such protection is needed, and
no user confusion could occur either.

3. It is my understanding that the Internet has always had a history of domain anomalies,
but why is it exactly that the symbol-based domain name circumstance is treated differently
from e.g. the three single-letter .com domains that were "allowed" to exist back in 1993?

4. Certainly, unlike the three anomalies referred to above, there is no big company listed
as owner of either €.com or £.com. Would the IETF's actions have changed then if there
were? 

5. Regardless of the scenario of three single-letter .com domains that were mysteriously
allowed to exist in 1993, as vanities for three large companies, by consciously making the
decision to discriminate against symbol-based domain names the UK public is being denied
the opportunity to (popularly) participate in the debate whether to keep the British pound or
decide upon the European euro, as their currency.

Regards,

John Daw
_______________________________________________
Idna-update mailing list
Idna-update <at> alvestrand.no
http://www.alvestrand.no/mailman/listinfo/idna-update
Andrew Sullivan | 5 Nov 22:17 2010

Re: IDNA 2008 Question Re: "Confusable" Characters in Domain Names

On Thu, Nov 04, 2010 at 08:40:47PM +0000, Shawn Steele wrote:

> I’d like to throw in my 2 cents.  Clearly a browser has no clue if
> the DNS layer is operating under IDNA2003 or IDNA2008 rules

I have no idea what this would me.  The DNS layer is not operating
under _either_ IDNA2003 or IDNA2008 rules.  It's operating like it
always did: it matches labels, one label at a time, and it matches
them exactly, bit for bit.  Moreover, under IDNA of any flavour, it
does that under the constraint of the old-fashioned hostname rules
(which means, roughly, letters, digits, hyphen or LDH).

> IMO it’s not the client’s responsibility to say whether DNS rules
> are being followed, but rather the DNS layer’s responsibility to
> correctly resolve names and provide the appropriate errors when the
> name isn’t valid.

The rules _are not_ DNS rules, and if that isn't perfectly clear from
reading IDNA2008, I have no idea how to make it more so.

A

--

-- 
Andrew Sullivan
ajs <at> shinkuro.com
Shinkuro, Inc.
_______________________________________________
Idna-update mailing list
Idna-update <at> alvestrand.no
http://www.alvestrand.no/mailman/listinfo/idna-update

Gmane