Re: IDN - 'Does it work?' draft. from Mark Davis on 2007-01-24 (public-i18n-core@w3.org from January to March 2007)

From: Mark Davis <mark.davis@icu-project.org>
Date: Wed, 24 Jan 2007 14:29:28 -0800
To: "Michael Monaghan" <Michael.Monaghan@sun.com>
Cc: "public-i18n-core@w3.org" <public-i18n-core@w3.org>
Message-ID: <30b660a20701241429y849c971ja8331d6dde845c6a@mail.gmail.com>
You should explain in the text about mouseover/title.

I would put the table above the explanation.

The information I got from MS is somewhat different than what you have,
since you alternate between script and language. Here are suggested
revisions.


   - Uses punycode to display a domain name if any one of the following
   conditions is met:
      - The domain name contains characters which are not a part of
      any language
      - A single domain label mixes characters that are not contained
      in any single language
      - The domain name contains characters from languages not
      included in the user's preferences
      - The IDN looks like it might be a homograph attack


=>


   - Uses punycode to display a domain name if any one of the following
   conditions is met:
      - The domain name contains characters which are not a part of
      any script
      - A single domain label mixes characters that are not contained
      in any single script
      - The domain name contains characters from scripts for languages
      not included in the user's preferences
      - The IDN looks like it might be a homograph attack

Mark

On 1/24/07, Michael Monaghan <Michael.Monaghan@sun.com> wrote:
>
> Hi,
>
> Please take a look at the attachment and send on your feedback/comments.
>
> The example table towards the bottom has mouseover/title text to explain
> how/why each
> browser does what it does with particular IDNs.
>
> Any takers on checking Safari and/or other browsers?
>
> Thanks,
>
> ~mm
>
>
>
>
>  Domain Names.
>
> Numerous domain name authorities already offer internationalized domain
> names. These include providers for such large domains as .cn, .jp, .kr, and
> many more.
>
> One of the problems associated with IDN support in browsers is that it can
> facilitate phishing. Consequently, most browsers that support IDN also put
> in place some safeguards to protect users from such fraud.
> Another problem is that Internet Explorer 6, with its huge market share,
> does not natively supported IDN [though plugins<http://support.microsoft.com/?kbid=842848>are available]. However, IE7, which does support IDN, will, over time,
> replace most IE6 installs.
>
> Note that, as a temporary fallback solution until IDN is more widely
> supported, content authors who want to point to a resource using an IDN can
> write the link text in native characters, but put a punycode representation
> in the href attribute. Though not an ideal solution, it would guarantee that
> the user would be able to link to the resource, whatever platform they used.
>
> You can run a basic check to see whether it works on your system using
> this simple test <http://www.w3.org/International/tests/sec-idn-1>.
>
> Here's a look at how some browsers support IDN:
>
>    1. Internet Explorer 7
>       - Looks at the languages selected in the browser preferences,
>       and from that deduces a set of scripts for which to fully enable IDN.
>       - Uses punycode to display a domain name if any one of the
>       following conditions is met:
>          - The domain name contains characters which are not a
>          part of any language
>          - A single domain label mixes characters that are not
>          contained in any single language
>          - The domain name contains characters from languages not
>          included in the user's preferences
>          - The IDN looks like it might be a homograph attack
>        - Allows IDN disabling
>       - Uses an icon at the end of the address bar to notify you
>       when an URL contains a non-ASCII character
>       - Some IDNs are garbled when scrolling through browsing
>       history in the address bar
>    2. Internet Explorer 6
>       - By default does not support IDN at all
>       - 3rd party plugins<http://support.microsoft.com/?kbid=842848>are available which provide IDN support
>     3. Firefox 2.x
>       - Handles IDNs mainly based on the URLs top-level-domain [TLD
>       - .com, .de, .jp etc.]
>       - Some TLDs are trusted, while others are not. IDNs within
>       trusted TLDs are displayed properly, while those not within trusted TLDs are
>       displayed as punycode
>       - IDN support can be switched off entirely by setting the
>       network.enableIDN preference to false, in the about:config
>       page
>       - IDNs that contain particular characters [e.g.
>       fraction-slash], even within trusted TLDs, are treated suspiciously, and are
>       displayed as punycode
>       - See Mozilla.org's policy on IDN-enabled TLDs<http://www.mozilla.org/projects/security/tld-idn-policy-list.html>
>     4. Mozilla 1.7x
>       - Supports IDN
>       - Displays all IDN URLs as punycode
>       - IDN support can be switched off entirely by setting the
>       network.enableIDN preference to false, in the about:config
>       page
>     5. Opera 9.1
>       - Supports IDN
>       - Uses a whitelist of TLDs for which to allow proper display
>       of IDNs
>       - However, even for some trusted TLDs, it will still display
>       IDNs as punycode, if any label mixes ceratain scripts
>       - Opera's list of illegal characters is slightly longer than
>       the official IDNA list. Some IDNs, while displayed as punycode in other
>       browsers, are entirely illegal in Opera
>
> Examples:
>   URL IE 7
>  Firefox 2.x
>  Opera 9.1
>   www.þorn.is <http://www.%C3%BEorn.is> www.þorn.is<http://www.%C3%BEorn.is>
> www.þorn.is <http://www.%C3%BEorn.is/> www.þorn.is<http://www.%C3%BEorn.is/>
> bäcker.com <http://b%C3%A4cker.com> bäcker.com/<http://xn--bcker-gra.com/>
> xn--bcker-gra.com/  bäcker.com/ <http://xn--bcker-gra.com/>  путин.museum<http://%D0%BF%D1%83%D1%82%D0%B8%D0%BD.museum>
> путин.museum <http://%D0%BF%D1%83%D1%82%D0%B8%D0%BD.museum> путин.museum<http://%D0%BF%D1%83%D1%82%D0%B8%D0%BD.museum/>
>  путин.museum <http://%D0%BF%D1%83%D1%82%D0%B8%D0%BD.museum/>  I♥NY.museum<http://I%E2%99%A5NY.museum>
> xn--iny-zx5a.museum/ i♥ny.museum/ <http://i%E2%99%A5ny.museum/>
> i♥ny.museum/ <http://i%E2%99%A5ny.museum/>  pаypal.museum<http://p%D0%B0ypal.museum>
> xn--pypal-4ve.museum/ pаypal.museum/ <http://p%D0%B0ypal.museum/>
> pаypal.museum/ <http://p%D0%B0ypal.museum/>  ibm.com⁄foo.museum<http://ibm.com%E2%81%84foo.museum>
> ibm.xn--comfoo-rq0c.museum ibm.xn--comfoo-rq0c.museum/ Illegal - Opera
> does not
> allow the fraction-slash
> character in URLs at all.
>   ップã.jp <http://%E3%83%83%E3%83%97%C3%A3.jp/> xn--3ca526vzba.jp/
>  ップã.jp/ <http://%E3%83%83%E3%83%97%C3%A3.jp/>
>  ップã.jp/ <http://%E3%83%83%E3%83%97%C3%A3.jp/>  ップãп.jp/<http://%E3%83%83%E3%83%97%C3%A3%D0%BF.jp/>
>  xn--3ca43o0y0dkca.jp/
>  ップãп.jp/ <http://%E3%83%83%E3%83%97%C3%A3%D0%BF.jp/>
>  ップãп.jp/ <http://%E3%83%83%E3%83%97%C3%A3%D0%BF.jp/>
>   ップãп.co.uk <http://%E3%83%83%E3%83%97%C3%A3%D0%BF.co.uk>
>  xn--3ca43o0y0dkca.co.uk/
>  xn--3ca43o0y0dkca.co.uk/
>  xn--3ca43o0y0dkca.co.uk/
>
>
>
>


-- 
Mark
Received on Wednesday, 24 January 2007 22:29:39 UTC