- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Wed, 04 Jul 2012 12:36:33 +0200
- To: David Clarke <w3@dragonthoughts.co.uk>
- Cc: public-iri@w3.org
* David Clarke wrote: >I've been reading this thread with interest. I'm wondering how the >originator would feel if URIs had been defined to use digits and >punctuation only with no alphabetic characters? The spoofing problem seems to be a sidetrack here, as far as humans go only the "cookie domain" really matters; and for machines there is less of a spoofing and more of a robustness problem: machines would not be fooled, but they might implement conversions and comparisons incorrect- ly. And domain names can have non-ASCII even in URIs, whether you dis- play them and how is an issue either way. >As far as spoofing goes, in most typefaces, there are already confusions >between 1 (DIGIT ONE), l (LOWER CASE LATIN LETTER L), I (UPPER CASE >LATIN LETTER I) and between 0 (UPPER CASE LATIN LETTER O) and 0 (DIGIT >ZERO). Would it be reasonable propose removal of those characters from >URLs to reduce spoofing? The typical response to that would be that people do not want to make it any worse. And as you note, forcing people to choose characters from a rather limited set might actually make it harder for them to avoid some spoofed address as they do not readily recognize what is being encoded. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Wednesday, 4 July 2012 10:37:00 UTC