Re: IDN - 'Does it work?' draft.

Thank you for creating the document, Michael, and for your input, Mark!
I'd propose to see if we can get more input from Richard next week and
if we can publish this.

Regards, Felix.

Mark Davis wrote:
> You should explain in the text about mouseover/title.
> 
> I would put the table above the explanation.
> 
> The information I got from MS is somewhat different than what you have,
> since you alternate between script and language. Here are suggested
> revisions.
> 
>     * Uses punycode to display a domain name if any one of the following
>       conditions is met:
>           o The domain name contains characters which are not a part of
>             any language
>           o A single domain label mixes characters that are not
>             contained in any single language
>           o The domain name contains characters from languages not
>             included in the user's preferences
>           o The IDN looks like it might be a homograph attack
> 
> =>
> 
>     * Uses punycode to display a domain name if any one of the following
>       conditions is met:
>           o The domain name contains characters which are not a part of
>             any script
>           o A single domain label mixes characters that are not
>             contained in any single script
>           o The domain name contains characters from scripts for
>             languages not included in the user's preferences
>           o The IDN looks like it might be a homograph attack
> 
> Mark
> 
> On 1/24/07, *Michael Monaghan* <Michael.Monaghan@sun.com
> <mailto:Michael.Monaghan@sun.com>> wrote:
> 
>     Hi,
> 
>     Please take a look at the attachment and send on your feedback/comments.
> 
>     The example table towards the bottom has mouseover/title text to
>     explain how/why each
>     browser does what it does with particular IDNs.
> 
>     Any takers on checking Safari and/or other browsers?
> 
>     Thanks,
> 
>     ~mm
> 
> 
> 
> 
>     Domain Names.
> 
>     Numerous domain name authorities already offer internationalized
>     domain names. These include providers for such large domains as .cn,
>     .jp, .kr, and many more.
> 
>     One of the problems associated with IDN support in browsers is that
>     it can facilitate phishing. Consequently, most browsers that support
>     IDN also put in place some safeguards to protect users from such fraud.
>     Another problem is that Internet Explorer 6, with its huge market
>     share, does not natively supported IDN [though plugins
>     <http://support.microsoft.com/?kbid=842848> are available]. However,
>     IE7, which does support IDN, will, over time, replace most IE6 installs.
> 
>     Note that, as a temporary fallback solution until IDN is more widely
>     supported, content authors who want to point to a resource using an
>     IDN can write the link text in native characters, but put a punycode
>     representation in the href attribute. Though not an ideal solution,
>     it would guarantee that the user would be able to link to the
>     resource, whatever platform they used.
> 
>     You can run a basic check to see whether it works on your system
>     using this simple test
>     <http://www.w3.org/International/tests/sec-idn-1>.
> 
>     Here's a look at how some browsers support IDN:
> 
>        1. Internet Explorer 7
>               * Looks at the languages selected in the browser
>                 preferences, and from that deduces a set of scripts for
>                 which to fully enable IDN.
>               * Uses punycode to display a domain name if any one of the
>                 following conditions is met:
>                     o The domain name contains characters which are not
>                       a part of any language
>                     o A single domain label mixes characters that are
>                       not contained in any single language
>                     o The domain name contains characters from languages
>                       not included in the user's preferences
>                     o The IDN looks like it might be a homograph attack
>               * Allows IDN disabling
>               * Uses an icon at the end of the address bar to notify you
>                 when an URL contains a non-ASCII character
>               * Some IDNs are garbled when scrolling through browsing
>                 history in the address bar
>        2. Internet Explorer 6
>               * By default does not support IDN at all
>               * 3^rd party plugins
>                 <http://support.microsoft.com/?kbid=842848> are
>                 available which provide IDN support
>        3. Firefox 2.x
>               * Handles IDNs mainly based on the URLs top-level-domain
>                 [TLD - .com, .de, .jp etc.]
>               * Some TLDs are trusted, while others are not. IDNs within
>                 trusted TLDs are displayed properly, while those not
>                 within trusted TLDs are displayed as punycode
>               * IDN support can be switched off entirely by setting the
>                 |network.enableIDN| preference to false, in the
>                 about:config page
>               * IDNs that contain particular characters [e.g.
>                 fraction-slash], even within trusted TLDs, are treated
>                 suspiciously, and are displayed as punycode
>               * See Mozilla.org's policy on IDN-enabled TLDs
>                 <http://www.mozilla.org/projects/security/tld-idn-policy-list.html>
>        4. Mozilla 1.7x
>               * Supports IDN
>               * Displays all IDN URLs as punycode
>               * IDN support can be switched off entirely by setting the
>                 |network.enableIDN| preference to false, in the
>                 about:config page
>        5. Opera 9.1
>               * Supports IDN
>               * Uses a whitelist of TLDs for which to allow proper
>                 display of IDNs
>               * However, even for some trusted TLDs, it will still
>                 display IDNs as punycode, if any label mixes ceratain
>                 scripts
>               * Opera's list of illegal characters is slightly longer
>                 than the official IDNA list. Some IDNs, while displayed
>                 as punycode in other browsers, are entirely illegal in Opera
> 
>     Examples:
> 
>     URL  IE 7
>      Firefox 2.x
>      Opera 9.1
>     www.þorn.is <http://www.%C3%BEorn.is>  www.þorn.is
>     <http://www.%C3%BEorn.is>  www.þorn.is <http://www.%C3%BEorn.is/>
>     www.þorn.is <http://www.%C3%BEorn.is/>
>     bäcker.com <http://b%C3%A4cker.com>  bäcker.com/
>     <http://xn--bcker-gra.com/>  xn--bcker-gra.com/
>     <http://xn--bcker-gra.com/>   bäcker.com/ <http://xn--bcker-gra.com/>
>     путин.museum <http://%D0%BF%D1%83%D1%82%D0%B8%D0%BD.museum>
>     путин.museum <http://%D0%BF%D1%83%D1%82%D0%B8%D0%BD.museum>
>     путин.museum <http://%D0%BF%D1%83%D1%82%D0%B8%D0%BD.museum/>
>      путин.museum <http://%D0%BF%D1%83%D1%82%D0%B8%D0%BD.museum/>
>     I♥NY.museum <http://I%E2%99%A5NY.museum>  xn--iny-zx5a.museum/
>     <http://xn--iny-zx5a.museum/>  i♥ny.museum/
>     <http://i%E2%99%A5ny.museum/>   i♥ny.museum/
>     <http://i%E2%99%A5ny.museum/>
>     pаypal.museum <http://p%D0%B0ypal.museum>  xn--pypal-4ve.museum/
>     <http://xn--pypal-4ve.museum/>  pаypal.museum/
>     <http://p%D0%B0ypal.museum/>   pаypal.museum/
>     <http://p%D0%B0ypal.museum/>
>     ibm.com⁄foo.museum <http://ibm.com%E2%81%84foo.museum>
>     ibm.xn--comfoo-rq0c.museum <http://ibm.xn--comfoo-rq0c.museum>
>     ibm.xn--comfoo-rq0c.museum/ <http://ibm.xn--comfoo-rq0c.museum/>
>     Illegal - Opera does not
>     allow the fraction-slash
>     character in URLs at all.
>     ップã.jp <http://%E3%83%83%E3%83%97%C3%A3.jp/>  xn--3ca526vzba.jp/
>     <http://xn--3ca526vzba.jp/>
>      ップã.jp/ <http://%E3%83%83%E3%83%97%C3%A3.jp/>
>      ップã.jp/ <http://%E3%83%83%E3%83%97%C3%A3.jp/>
>     ップãп.jp/ <http://%E3%83%83%E3%83%97%C3%A3%D0%BF.jp/>
>      xn--3ca43o0y0dkca.jp/ <http://xn--3ca43o0y0dkca.jp/>
>      ップãп.jp/ <http://%E3%83%83%E3%83%97%C3%A3%D0%BF.jp/>
>      ップãп.jp/ <http://%E3%83%83%E3%83%97%C3%A3%D0%BF.jp/>
>     ップãп.co.uk <http://%E3%83%83%E3%83%97%C3%A3%D0%BF.co.uk>
>      xn--3ca43o0y0dkca.co.uk/ <http://xn--3ca43o0y0dkca.co.uk/>
>      xn--3ca43o0y0dkca.co.uk/ <http://xn--3ca43o0y0dkca.co.uk/>
>      xn--3ca43o0y0dkca.co.uk/ <http://xn--3ca43o0y0dkca.co.uk/>
> 
> 
> 
> 
> 
> 
> -- 
> Mark

Received on Thursday, 25 January 2007 04:00:49 UTC