- From: Stephen Deach <sdeach@adobe.com>
- Date: Sun, 20 Feb 2005 20:25:02 -0800
- To: Martin Duerst <duerst@w3.org>, Stephen Deach <sdeach@adobe.com>, Jony Rosenne <rosennej@qsm.co.il>, www-international@w3.org
It appeared that the majority of the recent discussions (from 2005Feb10 to
present under the topic "IDN Problem..." and some portion of the comments
under "IDN - RTL") dealt with fraud/security issues caused by substitutions
of similar looking glyphs in a mixed-script environment. My comment was
directed at that aspect of the discussion.
If the ISP/DSN people wish to simplify conversions of bidi content for
processing purposes, I have no input to offer (except that I have seen
ISO-latin-1 numbers embedded within Arabic and Hebrew company names, so
this must be a conscious decision to exclude them or restrict certain
asymmetric combinations).
At 2005.02.21-09:27(+0900), Martin Duerst wrote:
>Hello Stephen,
>
>The bidi restrictions have not been made to avoid phishing attacks,
>but to make conversion from visual to logical and back straightforward.
>This is needed just so that people can get an idea of how to type a
>domain name with RTL characters. Of course, as a result, some
>spoofing attacks are also avoided, but that wasn't the main
>motivation.
>
>Regards, Martin.
>
>At 00:35 05/02/21, Stephen Deach wrote:
> >
> >But there are company names like 1-800-FLOWERS (1800flowers.com) or
> call4flowers or A1CarRepair or 71SaintPeter (a local restaurant).
> >I see common use of Roman numbers in non-last positions within
> alphabetic contexts (especially company and service tradenames) in all
> European languages, Japanese, Arabic & Hebrew.
> > How can you design a policy that would allow these (or other
> legitimate usage) yet preclude paypa1.com or goog1e.com (both contain
> ones rather than ells) or more clever mappings of symbols or dingbats or
> foreign scripts. (There is no codepoint-based method to disambiguate most
> latin-1 based central-european languages, for example.)
> >
> >This whole effort appears to be futile, I don't think any policy you
> establish will completely protect against spoofing.
> >
> >
> >At 2005.02.20-05:04(+0200), Jony Rosenne wrote:
> >
> >
> >
> >> > -----Original Message-----
> >> > From: Simon Montagu [mailto:smontagu@smontagu.org]
> >> > Sent: Saturday, February 19, 2005 11:47 PM
> >> > To: Jony Rosenne
> >> > Cc: www-international@w3.org
> >> > Subject: Re: IDN - RTL
> >> >
> >> >
> >> > Jony Rosenne wrote:
> >> > > The restriction is too restrictive and unrealistic from the
> >> > point of
> >> > > view of RTL users.
> >> > >
> >> > > It is certain that not allowing these names will cause problems.
> >> > >
> >> > > I would like to see strong evidence that a string like $B`n…(B or
> >> > > www.$B`n…(B.il <http://www.$B`n…(B.il> causes a major problem.
> >> >
> >> > There is a spoofing problem, since www.1$B`n…(Bil and www.$B`n…(B.il
> (1ALEF
> >> > and ALEF1) have the same visual rendering.
> >>
> >>I request to relax the restriction only for trailing digits.
> >>
> >>Jony
> >>
> >> >
> >> >
> >> >
> >> >
> >
> >
> >---Steve Deach
> > sdeach@adobe.com
> >
---Steve Deach
sdeach@adobe.com
Received on Monday, 21 February 2005 04:38:18 UTC