Re: Best practices related to IDN

Hi,

The discussions of the best practice are documented here
https://www.w3.org/community/bpmlod/wiki/Best_practises_-_previous_notes

The reason for preferring ASCII over IRIs are for compatibility... the
reason to prefer using ASCII domain names is to reduce the possibilities
for spoofing attack

e.g.,

http://www.gооgle.com/somesite <http://www.xn--ggle-55da.com/somesite> (
http://www.xn--ggle-55da.com/somesite)

Is much more dangerous in the domain name than in the path (where you can
only spoof data on the same server/domain).

For my understanding, the decision is really a compromise between avoiding
IRIs (still the preferred option when possible) and allowing people to use
readable URIs in non-Latin scripts. Furthermore, domain names demonstrate
some degree or ownership or responsibility for the data, and it is better
that this is stated in a script that most web users can read to build trust
in the dataset, i.e., from your example only a small amount of people would
be able to work with the string '本屋さん' but most would do better with
'honyasan' or 'japanese-book-store'.

Regards,
John

On Thu, Dec 4, 2014 at 12:01 PM, Felix Sasaki <fsasaki@w3.org> wrote:

> Hi all,
>
> at the Internationalization Working Group meeting in October (part of W3C
> TPAC) I was asked by I18N WG participants about our best practices. In
> particular it seems that we recommend the use of IRIs, that is non ASCII
> characters in the path part, but not IDNs, that is non ASCII in the domain
> part. That means:
>
> 1) The following is not recommended
> http://example.本屋さん.com/作家/夏目漱��
> <http://example.xn--48jwgy65kjdj.com/%E4%BD%9C%E5%AE%B6/%E5%A4%8F%E7%9B%AE%E6%BC%B1%E7%9F%B3>
>
> 2) The following is recommended
> http://example.japanese-book-store.com/作家/夏目漱��
>
> Is this really our latest thinking? If yes, that is the rationale behind
> this?
>
> Thanks,
>
> Felix
>