- From: by way of Martin Duerst <neil@tonal.clara.co.uk>
- Date: Sun, 13 Feb 2005 16:39:37 +0900
- To: www-international@w3.org
Addison Phillips [wM] wrote: >>Nah. It's poor design of IDN. They should have disallowed mixing >>characters from different scripts in one URL. It wouldn't have ruled out >>all of the problems, but most of them. >> > >I disagree. There are plenty of cases in which scripts are mixed >naturally in languages that use non-Latin scripts. For example, many >languages use the Latin digits in preference to native script digits. >Should we allow the Latin digits into a non-ASCII domain name? Oh, the >slippery slope... > >For that matter, I can construct a perfect "paypal" string using ONLY >Cyrillic letters. Restrictions to one script doesn't prevent the homograph >attack. It just requires one to be more clever. > >U+0440 U+0430 U+0443 U+0440 U+0430 U+04C0 looks just as good in my browser... > >Addison > > > My, that's ingenious. If I was paypal, I'd be rushing to register all those domains right now. Could you please have a look at the discussion that's been going on on Bugzilla regarding the Mozilla and Firefox aspects of this problem? It's at https://bugzilla.mozilla.org/show_bug.cgi?id=279099 Yes, we thought of preventing script mixing (but making a special case for the digits and hyphen-minus), but your example is rather alarming. -- Neil
Received on Monday, 14 February 2005 00:53:18 UTC