RE: IDN - RTL from Martin Duerst on 2005-02-21 (www-international@w3.org from January to March 2005)

From: Martin Duerst <duerst@w3.org>
Date: Mon, 21 Feb 2005 09:27:54 +0900
To: Stephen Deach <sdeach@adobe.com>, Jony Rosenne <rosennej@qsm.co.il>, www-international@w3.org
Message-Id: <6.0.0.20.2.20050221092538.036b5b60@localhost>

Hello Stephen,

The bidi restrictions have not been made to avoid phishing attacks,
but to make conversion from visual to logical and back straightforward.
This is needed just so that people can get an idea of how to type a
domain name with RTL characters. Of course, as a result, some
spoofing attacks are also avoided, but that wasn't the main
motivation.

Regards,    Martin.

At 00:35 05/02/21, Stephen Deach wrote:
 >
 >But there are company names like 1-800-FLOWERS (1800flowers.com) or 
call4flowers or A1CarRepair or 71SaintPeter (a local restaurant).
 >I see common use of Roman numbers in non-last positions within alphabetic 
contexts (especially company and service tradenames) in all European 
languages, Japanese, Arabic & Hebrew.
 >   How can you design a policy that would allow these (or other 
legitimate usage) yet preclude paypa1.com or goog1e.com (both contain ones 
rather than ells) or more clever mappings of symbols or dingbats or foreign 
scripts. (There is no codepoint-based method to disambiguate most latin-1 
based central-european languages, for example.)
 >
 >This whole effort appears to be futile, I don't think any policy you 
establish will completely protect against spoofing.
 >
 >
 >At 2005.02.20-05:04(+0200), Jony Rosenne wrote:
 >
 >
 >
 >> > -----Original Message-----
 >> > From: Simon Montagu [mailto:smontagu@smontagu.org]
 >> > Sent: Saturday, February 19, 2005 11:47 PM
 >> > To: Jony Rosenne
 >> > Cc: www-international@w3.org
 >> > Subject: Re: IDN - RTL
 >> >
 >> >
 >> > Jony Rosenne wrote:
 >> > > The restriction is too restrictive and unrealistic from the
 >> > point of
 >> > > view of RTL users.
 >> > >
 >> > > It is certain that not allowing these names will cause problems.
 >> > >
 >> > > I would like to see strong evidence that a string like 瑟�� or
 >> > > www.瑟��.il <http://www.瑟��.il> causes a major problem.
 >> >
 >> > There is a spoofing problem, since www.1瑟��il and www.瑟��.il (1ALEF
 >> > and ALEF1) have the same visual rendering.
 >>
 >>I request to relax the restriction only for trailing digits.
 >>
 >>Jony
 >>
 >> >
 >> >
 >> >
 >> >
 >
 >
 >---Steve Deach
 >    sdeach@adobe.com
 >

Received on Monday, 21 February 2005 01:09:02 UTC