- From: Larry Masinter <masinter@adobe.com>
- Date: Tue, 31 Aug 2010 15:00:18 -0700
- To: "public-iri@w3.org" <public-iri@w3.org>
-- http://larry.masinter.net -----Original Message----- From: root@unicode.org [mailto:root@unicode.org] On Behalf Of announcements@unicode.org Sent: Friday, August 06, 2010 12:30 PM To: announcements@unicode.org Subject: Unicode Security and Domain Names The Unicode Consortium has released three important specifications related to Internationalized Domain Names (IDNs) and Security. UTS #46: Unicode IDNA Compatibility Processing http://www.unicode.org/reports/tr46/ UTR# 36: Unicode Security Considerations http://www.unicode.org/reports/tr36/ UTR# 39: Unicode Security Mechanisms http://www.unicode.org/reports/tr39/ UTS #46: Unicode IDNA Compatibility Processing Client software, such as browsers and emailers, faces a difficult transition from the version of international domain names approved in 2003 (IDNA2003), to the revision approved in 2010 (IDNA2008). The specification in this document provides a mechanism that minimizes the impact of this transition for client software, allowing client software to access domains that are valid under either system. The specification provides two main features: One is a comprehensive mapping to support current user expectations for casing and other variants of domain names. Such a mapping is allowed by IDNA2008. The second is a compatibility mechanism that supports the existing domain names that were allowed under IDNA2003. This second feature is intended to improve client behavior during the transitional period. UTR# 36: Unicode Security Considerations Because Unicode contains such a large number of characters and incorporates the varied writing systems of the world, incorrect usage can expose programs or systems to possible security attacks. This is especially important as more and more products are internationalized. This document describes some of the security considerations that programmers, system analysts, standards developers, and users should take into account, and provides specific recommendations to reduce the risk of problems. UTR# 39: Unicode Security Mechanisms Because Unicode contains such a large number of characters and incorporates the varied writing systems of the world, incorrect usage can expose programs or systems to possible security attacks. This document specifies mechanisms that can be used to detect possible security problems. ---- All of the Unicode Consortium lists are strictly opt-in lists for members or interested users of our standards. We make every effort to remove users who do not wish to receive e-mail from us. To see why you are getting this mail and how to remove yourself from our lists if you want, please see http://www.unicode.org/consortium/distlist.html#announcements
Received on Tuesday, 31 August 2010 22:00:55 UTC