> Nah. It's poor design of IDN. They should have disallowed mixing > characters > from different scripts in one URL. It wouldn't have ruled out all of the > problems, but most of them. I disagree. There are plenty of cases in which scripts are mixed naturally in languages that use non-Latin scripts. For example, many languages use the Latin digits in preference to native script digits. Should we allow the Latin digits into a non-ASCII domain name? Oh, the slippery slope... For that matter, I can construct a perfect "paypal" string using ONLY Cyrillic letters. Restrictions to one script doesn't prevent the homograph attack. It just requires one to be more clever. U+0440 U+0430 U+0443 U+0440 U+0430 U+04C0 looks just as good in my browser... Addison Addison P. Phillips Director, Globalization Architecture http://www.webMethods.com Chair, W3C Internationalization Core Working Group http://www.w3.org/International Internationalization is an architecture. It is not a feature. > -----Original Message----- > From: unicode-bounce@unicode.org > [mailto:unicode-bounce@unicode.org]On Behalf Of Adam Twardoch > Sent: 2005年2月10日 16:27 > To: John Hudson; John Burger > Cc: www-international@w3.org; Unicode Mailing List > Subject: Re: IDN problem.... :( > > > > ----- Original Message ----- > From: "John Hudson" <tiro@tiro.com> > > > The security issue is simply due to the fact that some characters > > typically look identical to other characters. So change the appearance. > > Nah. It's poor design of IDN. They should have disallowed mixing > characters > from different scripts in one URL. It wouldn't have ruled out all of the > problems, but most of them. > > A. > >Received on Friday, 11 February 2005 01:20:53 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 20 September 2007 14:34:18 GMT