- From: Leif Halvard Silli <lhs@malform.no>
- Date: Fri, 01 Aug 2008 00:42:09 +0200
- To: Martin Duerst <duerst@it.aoyama.ac.jp>
- CC: Ram Mohan <rmohan@afilias.info>, Richard Ishida <ishida@w3.org>, www-international@w3.org, "'Jean-Guilhem Rouel'" <jean-gui@w3.org>
Martin Duerst 2008-07-30 05.49: >> One of the biggest concerns is with script mixing, where >> ASCII and several local scripts get intermingled in an IRI. >> In my opinion, this is quite a bad thing, leads to a great >> deal of user confusion and potential for phishing - it's one >> of the biggest things that should be explicitly restricted (a >> few languages exist where script mixing is required, but >> these are finite and definable as exceptions). > > I understand the dangers of mixing several scripts (not > necessarily including ASCII, which isn't a script anyway) in > the same IRI component (e.g. label for a domain name). Using > different components with different scripts isn't really much > of a problem, except for very rare and special cases (e.g. a > Cyrillic component that looks exactly like a Latin one in an > otherwise Latin IRI). A questions/comments in these regards: The typhographic trend has long been to make the different alphabetical scripts of the world more simimlar. For instance modern Cyrillic has letters which are shaped similarely to Roman letters. After all, Times New Roman contains both Cyrillic and Romand - for instance. This is fine, and creates a pretty Web pages, PDFs and paper documents because it create unified styles, regardless of the script in use. But exactly for these security matters, it can hardly be a positive thing that Cyrillic look like Latin and vice-versa. It is possible - however, and it is often done for style variation etc - to write Cyrillic in a way that make the letters stand out from Latin. Has this been considered? Are anyone proposing that? Should not use of fonts which clearly distinguish the different letters and scripts be adviced in these regards? I think the main security risk involved with IRIs and IDNs is that the user is unable to judge for himself what he is reading. Leif Halvard Silli
Received on Thursday, 31 July 2008 22:43:19 UTC