- From: Michael Monaghan <Michael.Monaghan@Sun.COM>
- Date: Mon, 29 Jan 2007 15:36:54 -0500
- To: Felix Sasaki <fsasaki@w3.org>
- Cc: "public-i18n-core@w3.org" <public-i18n-core@w3.org>, Mark Davis <mark.davis@icu-project.org>
- Message-id: <45BE5AE6.6080804@sun.com>
Hi All, Attached is a revised draft. Updated some of the IE7 info. Mark - if there's anything included that is at odds with what you've heard from MS, pls advise. Formatting needs some work I think, but first let's agree on the content. Thanks, ~mm Felix Sasaki wrote: > Thank you for creating the document, Michael, and for your input, Mark! > I'd propose to see if we can get more input from Richard next week and > if we can publish this. > > Regards, Felix. > > Mark Davis wrote: >> You should explain in the text about mouseover/title. >> >> I would put the table above the explanation. >> >> The information I got from MS is somewhat different than what you have, >> since you alternate between script and language. Here are suggested >> revisions. >> >> * Uses punycode to display a domain name if any one of the following >> conditions is met: >> o The domain name contains characters which are not a part of >> any language >> o A single domain label mixes characters that are not >> contained in any single language >> o The domain name contains characters from languages not >> included in the user's preferences >> o The IDN looks like it might be a homograph attack >> >> => >> >> * Uses punycode to display a domain name if any one of the following >> conditions is met: >> o The domain name contains characters which are not a part of >> any script >> o A single domain label mixes characters that are not >> contained in any single script >> o The domain name contains characters from scripts for >> languages not included in the user's preferences >> o The IDN looks like it might be a homograph attack >> >> Mark >> >> On 1/24/07, *Michael Monaghan* <Michael.Monaghan@sun.com >> <mailto:Michael.Monaghan@sun.com>> wrote: >> >> Hi, >> >> Please take a look at the attachment and send on your feedback/comments. >> >> The example table towards the bottom has mouseover/title text to >> explain how/why each >> browser does what it does with particular IDNs. >> >> Any takers on checking Safari and/or other browsers? >> >> Thanks, >> >> ~mm >> >> >> >> >> Domain Names. >> >> Numerous domain name authorities already offer internationalized >> domain names. These include providers for such large domains as .cn, >> .jp, .kr, and many more. >> >> One of the problems associated with IDN support in browsers is that >> it can facilitate phishing. Consequently, most browsers that support >> IDN also put in place some safeguards to protect users from such fraud. >> Another problem is that Internet Explorer 6, with its huge market >> share, does not natively supported IDN [though plugins >> <http://support.microsoft.com/?kbid=842848> are available]. However, >> IE7, which does support IDN, will, over time, replace most IE6 installs. >> >> Note that, as a temporary fallback solution until IDN is more widely >> supported, content authors who want to point to a resource using an >> IDN can write the link text in native characters, but put a punycode >> representation in the href attribute. Though not an ideal solution, >> it would guarantee that the user would be able to link to the >> resource, whatever platform they used. >> >> You can run a basic check to see whether it works on your system >> using this simple test >> <http://www.w3.org/International/tests/sec-idn-1>. >> >> Here's a look at how some browsers support IDN: >> >> 1. Internet Explorer 7 >> * Looks at the languages selected in the browser >> preferences, and from that deduces a set of scripts for >> which to fully enable IDN. >> * Uses punycode to display a domain name if any one of the >> following conditions is met: >> o The domain name contains characters which are not >> a part of any language >> o A single domain label mixes characters that are >> not contained in any single language >> o The domain name contains characters from languages >> not included in the user's preferences >> o The IDN looks like it might be a homograph attack >> * Allows IDN disabling >> * Uses an icon at the end of the address bar to notify you >> when an URL contains a non-ASCII character >> * Some IDNs are garbled when scrolling through browsing >> history in the address bar >> 2. Internet Explorer 6 >> * By default does not support IDN at all >> * 3^rd party plugins >> <http://support.microsoft.com/?kbid=842848> are >> available which provide IDN support >> 3. Firefox 2.x >> * Handles IDNs mainly based on the URLs top-level-domain >> [TLD - .com, .de, .jp etc.] >> * Some TLDs are trusted, while others are not. IDNs within >> trusted TLDs are displayed properly, while those not >> within trusted TLDs are displayed as punycode >> * IDN support can be switched off entirely by setting the >> |network.enableIDN| preference to false, in the >> about:config page >> * IDNs that contain particular characters [e.g. >> fraction-slash], even within trusted TLDs, are treated >> suspiciously, and are displayed as punycode >> * See Mozilla.org's policy on IDN-enabled TLDs >> <http://www.mozilla.org/projects/security/tld-idn-policy-list.html> >> 4. Mozilla 1.7x >> * Supports IDN >> * Displays all IDN URLs as punycode >> * IDN support can be switched off entirely by setting the >> |network.enableIDN| preference to false, in the >> about:config page >> 5. Opera 9.1 >> * Supports IDN >> * Uses a whitelist of TLDs for which to allow proper >> display of IDNs >> * However, even for some trusted TLDs, it will still >> display IDNs as punycode, if any label mixes ceratain >> scripts >> * Opera's list of illegal characters is slightly longer >> than the official IDNA list. Some IDNs, while displayed >> as punycode in other browsers, are entirely illegal in Opera >> >> Examples: >> >> URL IE 7 >> Firefox 2.x >> Opera 9.1 >> www.þorn.is <http://www.%C3%BEorn.is> www.þorn.is >> <http://www.%C3%BEorn.is> www.þorn.is <http://www.%C3%BEorn.is/> >> www.þorn.is <http://www.%C3%BEorn.is/> >> bäcker.com <http://b%C3%A4cker.com> bäcker.com/ >> <http://xn--bcker-gra.com/> xn--bcker-gra.com/ >> <http://xn--bcker-gra.com/> bäcker.com/ <http://xn--bcker-gra.com/> >> путин.museum <http://%D0%BF%D1%83%D1%82%D0%B8%D0%BD.museum> >> путин.museum <http://%D0%BF%D1%83%D1%82%D0%B8%D0%BD.museum> >> путин.museum <http://%D0%BF%D1%83%D1%82%D0%B8%D0%BD.museum/> >> путин.museum <http://%D0%BF%D1%83%D1%82%D0%B8%D0%BD.museum/> >> I♥NY.museum <http://I%E2%99%A5NY.museum> xn--iny-zx5a.museum/ >> <http://xn--iny-zx5a.museum/> i♥ny.museum/ >> <http://i%E2%99%A5ny.museum/> i♥ny.museum/ >> <http://i%E2%99%A5ny.museum/> >> pаypal.museum <http://p%D0%B0ypal.museum> xn--pypal-4ve.museum/ >> <http://xn--pypal-4ve.museum/> pаypal.museum/ >> <http://p%D0%B0ypal.museum/> pаypal.museum/ >> <http://p%D0%B0ypal.museum/> >> ibm.com⁄foo.museum <http://ibm.com%E2%81%84foo.museum> >> ibm.xn--comfoo-rq0c.museum <http://ibm.xn--comfoo-rq0c.museum> >> ibm.xn--comfoo-rq0c.museum/ <http://ibm.xn--comfoo-rq0c.museum/> >> Illegal - Opera does not >> allow the fraction-slash >> character in URLs at all. >> ップã.jp <http://%E3%83%83%E3%83%97%C3%A3.jp/> xn--3ca526vzba.jp/ >> <http://xn--3ca526vzba.jp/> >> ップã.jp/ <http://%E3%83%83%E3%83%97%C3%A3.jp/> >> ップã.jp/ <http://%E3%83%83%E3%83%97%C3%A3.jp/> >> ップãп.jp/ <http://%E3%83%83%E3%83%97%C3%A3%D0%BF.jp/> >> xn--3ca43o0y0dkca.jp/ <http://xn--3ca43o0y0dkca.jp/> >> ップãп.jp/ <http://%E3%83%83%E3%83%97%C3%A3%D0%BF.jp/> >> ップãп.jp/ <http://%E3%83%83%E3%83%97%C3%A3%D0%BF.jp/> >> ップãп.co.uk <http://%E3%83%83%E3%83%97%C3%A3%D0%BF.co.uk> >> xn--3ca43o0y0dkca.co.uk/ <http://xn--3ca43o0y0dkca.co.uk/> >> xn--3ca43o0y0dkca.co.uk/ <http://xn--3ca43o0y0dkca.co.uk/> >> xn--3ca43o0y0dkca.co.uk/ <http://xn--3ca43o0y0dkca.co.uk/> >> >> >> >> >> >> >> -- >> Mark > > >
Attachments
- text/html attachment: idnv2.html
Received on Monday, 29 January 2007 20:37:09 UTC