W3C home > Mailing lists > Public > www-international@w3.org > January to March 2005

RE: IDN - RTL

From: Stephen Deach <sdeach@adobe.com>
Date: Sun, 20 Feb 2005 20:25:02 -0800
To: Martin Duerst <duerst@w3.org>, Stephen Deach <sdeach@adobe.com>, Jony Rosenne <rosennej@qsm.co.il>, www-international@w3.org
Message-id: <6.1.1.1.2.20050220200908.01fef7b0@mailsj-v1.corp.adobe.com>

It appeared that the majority of the recent discussions (from 2005Feb10 to 
present under the topic "IDN Problem..." and some portion of the comments 
under "IDN - RTL") dealt with fraud/security issues caused by substitutions 
of similar looking glyphs in a mixed-script environment. My comment was 
directed at that aspect of the discussion.

If the ISP/DSN people wish to simplify conversions of bidi content for 
processing purposes, I have no input to offer (except that I have seen 
ISO-latin-1 numbers embedded within Arabic and Hebrew company names, so 
this must be a conscious decision to exclude them or restrict certain 
asymmetric combinations).


At 2005.02.21-09:27(+0900), Martin Duerst wrote:
>Hello Stephen,
>
>The bidi restrictions have not been made to avoid phishing attacks,
>but to make conversion from visual to logical and back straightforward.
>This is needed just so that people can get an idea of how to type a
>domain name with RTL characters. Of course, as a result, some
>spoofing attacks are also avoided, but that wasn't the main
>motivation.
>
>Regards,    Martin.
>
>At 00:35 05/02/21, Stephen Deach wrote:
> >
> >But there are company names like 1-800-FLOWERS (1800flowers.com) or 
> call4flowers or A1CarRepair or 71SaintPeter (a local restaurant).
> >I see common use of Roman numbers in non-last positions within 
> alphabetic contexts (especially company and service tradenames) in all 
> European languages, Japanese, Arabic & Hebrew.
> >   How can you design a policy that would allow these (or other 
> legitimate usage) yet preclude paypa1.com or goog1e.com (both contain 
> ones rather than ells) or more clever mappings of symbols or dingbats or 
> foreign scripts. (There is no codepoint-based method to disambiguate most 
> latin-1 based central-european languages, for example.)
> >
> >This whole effort appears to be futile, I don't think any policy you 
> establish will completely protect against spoofing.
> >
> >
> >At 2005.02.20-05:04(+0200), Jony Rosenne wrote:
> >
> >
> >
> >> > -----Original Message-----
> >> > From: Simon Montagu [mailto:smontagu@smontagu.org]
> >> > Sent: Saturday, February 19, 2005 11:47 PM
> >> > To: Jony Rosenne
> >> > Cc: www-international@w3.org
> >> > Subject: Re: IDN - RTL
> >> >
> >> >
> >> > Jony Rosenne wrote:
> >> > > The restriction is too restrictive and unrealistic from the
> >> > point of
> >> > > view of RTL users.
> >> > >
> >> > > It is certain that not allowing these names will cause problems.
> >> > >
> >> > > I would like to see strong evidence that a string like $B`n…(B or
> >> > > www.$B`nů(B.il <http://www.$B`nů(B.il> causes a major problem.
> >> >
> >> > There is a spoofing problem, since www.1$B`n…(Bil and www.$B`n…(B.il 
> (1ALEF
> >> > and ALEF1) have the same visual rendering.
> >>
> >>I request to relax the restriction only for trailing digits.
> >>
> >>Jony
> >>
> >> >
> >> >
> >> >
> >> >
> >
> >
> >---Steve Deach
> >    sdeach@adobe.com
> >


---Steve Deach
    sdeach@adobe.com  
Received on Monday, 21 February 2005 04:38:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 19:17:04 GMT