W3C home > Mailing lists > Public > www-international@w3.org > July to September 2007

Re: Urdu IDNs: Characters in domain names

From: David Clarke <d.r.clarke@sheffield.ac.uk>
Date: Tue, 07 Aug 2007 15:22:43 +0100
Message-ID: <46B88033.4050105@sheffield.ac.uk>
To: Richard Ishida <ishida@w3.org>
CC: www-international@w3.org, public-iri@w3.org, "'Sarmad Hussain'" <sarmad.hussain@nu.edu.pk>
The plug-in rewriting URL approach is dangerous....

One of the most severe problems that might be caused by using plug-ins
in browsers results from the fact that browsers are not the only
technology to make use of URLs.

If users find that a URL works in one technology (e.g. browser with
plug-in) they may reasonably assume that the URL will work everywhere.
If such an assumption is made then the following will be likely points
of failure.

1) Links in a web page will fail for browsers without a plug-in

2) Links that are transferred to other technologies may fail. e.g.
within PDFs, or emails

3) “Plug-in” domains will not be valid for email addresses (unless the
all the email clients get a matching plug-in)

4) Additional confusion will occur if Internationalised TLDs are
eventually introduced and they do not precisely match the rules created
by the plugin.

5) If International TLDs have the same name as any used by a plug-in,
then users with the plug-ins installed will be unable to reach the
internationalised TLD. e.g. there is a plugin that maps .CM to .com . if
.CM is ever allowed, it will be masked by a plug-in redirecting it to
the .com . This opens up a range of phishing opportunities.

6) If the plug-ins can be updated from external “reference” sources,
there is potential for them to be used directly for phishing, by
directing users to a phishing site set up on a different top-level domain.

In short, although such plug-ins may appear helpful in the short term,
they may severely disadvantage their users in the future.

Received on Tuesday, 7 August 2007 14:23:05 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 21 September 2016 22:37:28 UTC