- From: Addison Phillips [wM] <aphillips@webmethods.com>
- Date: Thu, 10 Feb 2005 17:17:54 -0800
- To: "Adam Twardoch" <list.adam@twardoch.com>, "John Hudson" <tiro@tiro.com>, "John Burger" <john@mitre.org>
- Cc: <www-international@w3.org>, "Unicode Mailing List" <unicode@unicode.org>
> Nah. It's poor design of IDN. They should have disallowed mixing > characters > from different scripts in one URL. It wouldn't have ruled out all of the > problems, but most of them. I disagree. There are plenty of cases in which scripts are mixed naturally in languages that use non-Latin scripts. For example, many languages use the Latin digits in preference to native script digits. Should we allow the Latin digits into a non-ASCII domain name? Oh, the slippery slope... For that matter, I can construct a perfect "paypal" string using ONLY Cyrillic letters. Restrictions to one script doesn't prevent the homograph attack. It just requires one to be more clever. U+0440 U+0430 U+0443 U+0440 U+0430 U+04C0 looks just as good in my browser... Addison Addison P. Phillips Director, Globalization Architecture http://www.webMethods.com Chair, W3C Internationalization Core Working Group http://www.w3.org/International Internationalization is an architecture. It is not a feature. > -----Original Message----- > From: unicode-bounce@unicode.org > [mailto:unicode-bounce@unicode.org]On Behalf Of Adam Twardoch > Sent: 2005年2月10日 16:27 > To: John Hudson; John Burger > Cc: www-international@w3.org; Unicode Mailing List > Subject: Re: IDN problem.... :( > > > > ----- Original Message ----- > From: "John Hudson" <tiro@tiro.com> > > > The security issue is simply due to the fact that some characters > > typically look identical to other characters. So change the appearance. > > Nah. It's poor design of IDN. They should have disallowed mixing > characters > from different scripts in one URL. It wouldn't have ruled out all of the > problems, but most of them. > > A. > >
Received on Friday, 11 February 2005 01:20:53 UTC