W3C home > Mailing lists > Public > www-international@w3.org > January to March 2007

Re: For review: An Introduction to Multilingual Web Addresses

From: <shen@cse.ust.hk>
Date: Fri, 9 Mar 2007 12:15:44 +0800 (HKT)
Message-ID: <1302.>
To: "Richard Ishida" <ishida@w3.org>
Cc: "'WWW International'" <www-international@w3.org>

> http://www.w3.org/International/articles/idn-and-iri/#work
> Comments are being sought on the revised section of this article entitled
> "Does it work?" prior to final completion. Please send any comments to
> www-international@w3.org (subscribe). We expect to publish a final version
> in one to two weeks.

Thanks, Richard, I learned a lot about IDNs by reading this article.

However, I don't think

"The typical way of alerting the user to a possible homograph attack is to
display the URI in the address bar in punycode rather than in the original
Unicode characters."

I tried your test website; Firefox displayed Unicode, while IE7 displayed
punycode. There is no way for a lay user (or even a pro) to tell
whether punycode indicates danger. Few people can recognize whether
a possible homograph attack is taking place. I think if the sentence
starts with

"An attempt to alert the user..."

You might also add that "But most users would not be able to recognize
whether there is indeed a phishing attack."

Thanks for the good work!

> Thanks.
> ============
> Richard Ishida
> Internationalization Lead
> W3C (World Wide Web Consortium)
> http://www.w3.org/People/Ishida/
> http://www.w3.org/International/
> http://people.w3.org/rishida/blog/
> http://www.flickr.com/photos/ishida/
> --
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 268.18.7/710 - Release Date: 04/03/2007
> 13:58
Received on Friday, 9 March 2007 04:15:57 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:40:53 UTC