- From: Jony Rosenne <rosennej@qsm.co.il>
- Date: Mon, 21 Feb 2005 08:17:47 +0200
- To: <www-international@w3.org>
> -----Original Message----- > From: Stephen Deach [mailto:sdeach@adobe.com] > Sent: Monday, February 21, 2005 6:25 AM > To: Martin Duerst; Stephen Deach; Jony Rosenne; > www-international@w3.org > Subject: RE: IDN - RTL > > > It appeared that the majority of the recent discussions (from > 2005Feb10 to > present under the topic "IDN Problem..." and some portion of > the comments > under "IDN - RTL") dealt with fraud/security issues caused by > substitutions > of similar looking glyphs in a mixed-script environment. My > comment was > directed at that aspect of the discussion. > > If the ISP/DSN people wish to simplify conversions of bidi > content for > processing purposes, I have no input to offer (except that I > have seen > ISO-latin-1 numbers embedded within Arabic and Hebrew company > names, so > this must be a conscious decision to exclude them or restrict certain > asymmetric combinations). A small correction: You may have seen ISO-8859-8 (Hebrew) or ISO-8859-6 (Arabic) digits embedded within company names, I don't think anyone imbeds ISO-8859-1. The confusion is understandable - they are the same. The main point is: I understand the technical justifications for the IDN decision, but I don't think the user community will accept it or abide by it. Jony > > > At 2005.02.21-09:27(+0900), Martin Duerst wrote: > >Hello Stephen, > > > >The bidi restrictions have not been made to avoid phishing attacks, > >but to make conversion from visual to logical and back > straightforward. > >This is needed just so that people can get an idea of how to type a > >domain name with RTL characters. Of course, as a result, some > >spoofing attacks are also avoided, but that wasn't the main > >motivation. > > > >Regards, Martin. > > > >At 00:35 05/02/21, Stephen Deach wrote: > > > > > >But there are company names like 1-800-FLOWERS > (1800flowers.com) or > > call4flowers or A1CarRepair or 71SaintPeter (a local restaurant). > > >I see common use of Roman numbers in non-last positions within > > alphabetic contexts (especially company and service > tradenames) in all > > European languages, Japanese, Arabic & Hebrew. > > > How can you design a policy that would allow these (or other > > legitimate usage) yet preclude paypa1.com or goog1e.com > (both contain > > ones rather than ells) or more clever mappings of symbols > or dingbats or > > foreign scripts. (There is no codepoint-based method to > disambiguate most > > latin-1 based central-european languages, for example.) > > > > > >This whole effort appears to be futile, I don't think any > policy you > > establish will completely protect against spoofing. > > > > > > > > >At 2005.02.20-05:04(+0200), Jony Rosenne wrote: > > > > > > > > > > > >> > -----Original Message----- > > >> > From: Simon Montagu [mailto:smontagu@smontagu.org] > > >> > Sent: Saturday, February 19, 2005 11:47 PM > > >> > To: Jony Rosenne > > >> > Cc: www-international@w3.org > > >> > Subject: Re: IDN - RTL > > >> > > > >> > > > >> > Jony Rosenne wrote: > > >> > > The restriction is too restrictive and unrealistic from the > > >> > point of > > >> > > view of RTL users. > > >> > > > > >> > > It is certain that not allowing these names will > cause problems. > > >> > > > > >> > > I would like to see strong evidence that a string > like $B`n.(B or > > >> > > www.$B`n.(B.il <http://www.$B`n.(B.il> causes a > major problem. > > >> > > > >> > There is a spoofing problem, since www.1$B`n.(Bil and > www.$B`n.(B.il > > (1ALEF > > >> > and ALEF1) have the same visual rendering. > > >> > > >>I request to relax the restriction only for trailing digits. > > >> > > >>Jony > > >> > > >> > > > >> > > > >> > > > >> > > > > > > > > > >---Steve Deach > > > sdeach@adobe.com > > > > > > ---Steve Deach > sdeach@adobe.com > > >
Received on Monday, 21 February 2005 06:23:14 UTC