W3C home > Mailing lists > Public > www-international@w3.org > January to March 2005

RE: IDN - RTL

From: Jony Rosenne <rosennej@qsm.co.il>
Date: Mon, 21 Feb 2005 08:17:47 +0200
To: <www-international@w3.org>
Message-ID: <000001c517dd$117b9450$0100000a@QSM7>



> -----Original Message-----
> From: Stephen Deach [mailto:sdeach@adobe.com] 
> Sent: Monday, February 21, 2005 6:25 AM
> To: Martin Duerst; Stephen Deach; Jony Rosenne; 
> www-international@w3.org
> Subject: RE: IDN - RTL
> 
> 
> It appeared that the majority of the recent discussions (from 
> 2005Feb10 to 
> present under the topic "IDN Problem..." and some portion of 
> the comments 
> under "IDN - RTL") dealt with fraud/security issues caused by 
> substitutions 
> of similar looking glyphs in a mixed-script environment. My 
> comment was 
> directed at that aspect of the discussion.
> 
> If the ISP/DSN people wish to simplify conversions of bidi 
> content for 
> processing purposes, I have no input to offer (except that I 
> have seen 
> ISO-latin-1 numbers embedded within Arabic and Hebrew company 
> names, so 
> this must be a conscious decision to exclude them or restrict certain 
> asymmetric combinations).

A small correction: You may have seen ISO-8859-8 (Hebrew) or ISO-8859-6
(Arabic) digits embedded within company names, I don't think anyone imbeds
ISO-8859-1. The confusion is understandable - they are the same. 

The main point is: I understand the technical justifications for the IDN
decision, but I don't think the user community will accept it or abide by
it.

Jony


> 
> 
> At 2005.02.21-09:27(+0900), Martin Duerst wrote:
> >Hello Stephen,
> >
> >The bidi restrictions have not been made to avoid phishing attacks,
> >but to make conversion from visual to logical and back 
> straightforward.
> >This is needed just so that people can get an idea of how to type a
> >domain name with RTL characters. Of course, as a result, some
> >spoofing attacks are also avoided, but that wasn't the main
> >motivation.
> >
> >Regards,    Martin.
> >
> >At 00:35 05/02/21, Stephen Deach wrote:
> > >
> > >But there are company names like 1-800-FLOWERS 
> (1800flowers.com) or 
> > call4flowers or A1CarRepair or 71SaintPeter (a local restaurant).
> > >I see common use of Roman numbers in non-last positions within 
> > alphabetic contexts (especially company and service 
> tradenames) in all 
> > European languages, Japanese, Arabic & Hebrew.
> > >   How can you design a policy that would allow these (or other 
> > legitimate usage) yet preclude paypa1.com or goog1e.com 
> (both contain 
> > ones rather than ells) or more clever mappings of symbols 
> or dingbats or 
> > foreign scripts. (There is no codepoint-based method to 
> disambiguate most 
> > latin-1 based central-european languages, for example.)
> > >
> > >This whole effort appears to be futile, I don't think any 
> policy you 
> > establish will completely protect against spoofing.
> > >
> > >
> > >At 2005.02.20-05:04(+0200), Jony Rosenne wrote:
> > >
> > >
> > >
> > >> > -----Original Message-----
> > >> > From: Simon Montagu [mailto:smontagu@smontagu.org]
> > >> > Sent: Saturday, February 19, 2005 11:47 PM
> > >> > To: Jony Rosenne
> > >> > Cc: www-international@w3.org
> > >> > Subject: Re: IDN - RTL
> > >> >
> > >> >
> > >> > Jony Rosenne wrote:
> > >> > > The restriction is too restrictive and unrealistic from the
> > >> > point of
> > >> > > view of RTL users.
> > >> > >
> > >> > > It is certain that not allowing these names will 
> cause problems.
> > >> > >
> > >> > > I would like to see strong evidence that a string 
> like $B`n.(B or
> > >> > > www.$B`n.(B.il <http://www.$B`n.(B.il> causes a 
> major problem.
> > >> >
> > >> > There is a spoofing problem, since www.1$B`n.(Bil and 
> www.$B`n.(B.il 
> > (1ALEF
> > >> > and ALEF1) have the same visual rendering.
> > >>
> > >>I request to relax the restriction only for trailing digits.
> > >>
> > >>Jony
> > >>
> > >> >
> > >> >
> > >> >
> > >> >
> > >
> > >
> > >---Steve Deach
> > >    sdeach@adobe.com
> > >
> 
> 
> ---Steve Deach
>     sdeach@adobe.com  
> 
> 
> 
Received on Monday, 21 February 2005 06:23:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 19:17:04 GMT