From: Peter Kirk (peterkirk@qaya.org)
Date: Fri Feb 11 2005 - 10:23:31 CST
On 11/02/2005 15:23, Adam Twardoch wrote:
> ...
> Cyrillic Q?
>
The Latin letters Q and W are used in the Kurdish Cyrillic script used
in Armenia and Russia. But I understand that Unicode refused to encode
separate characters. This implies that Kurdish, including Kurdish IDNs,
is written in a mixture of Unicode Latin and Cyrillic scripts.
On 11/02/2005 15:31, Adam Twardoch wrote:
> ... You can also register a domain name "paypaI.com" (i.e.
> "paypai.com", using Latin letters), or "rnicrosoft.com" but this id a
> different pair of shoes than characters that have different codes but
> have identical visual appearance.
>
These spoof URLs can still have almost identical visual appearance to
the real ones in the small size sans serif font commonly used in
browsers' URL windows. But this problem of course predates IDNs.
On 11/02/2005 15:31, Adam Twardoch wrote:
> From: "Peter Kirk" <peterkirk@qaya.org>
>
>> Perhaps a better approach would be for browsers, as a default option
>> which can be switched off, to warn users about mixed script domain
>> names (or even any non-ASCII domain names) with a dialogue box,
>> something like: "Domain name paypal.com contains non-Latin
>> character(s). This may be a security risk. Are you sure you want to
>> go to this domain? OK Cancel".
>
>
> And this warning would appear every time for a Chinese or Arabic user?
> (Unless he figures out that he/she needs to goes to some options and
> switch it off?)
>
> This is so anti-i18n. The idea behind IDN was to stop the hegemony of
> the Latin script in domain names. Solutions that prevent the spoofs
> should not again start building up the "our people vs. foreign people"
> way of thinking.
>
I didn't intend to be anti-i18n, and I accept that my idea and the
warning text needs to be tweaked to avoid that. The warning text would
of course be localised. And perhaps the tests to be applied would be
localised, with the acceptable scripts being chosen by the user,
defaulting to the system default script and Latin (since ASCII URLs will
not go away soon even in China and the Arab world). And any mixed script
domain could trigger the message, with possible allowance for cases like
Kurdish.
Alternative tests might be Bayesian, similar to Mozilla's reasonably
successful spam detection.
-- Peter Kirk peter@qaya.org (personal) peterkirk@qaya.org (work) http://www.qaya.org/ -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.7 - Release Date: 10/02/2005
This archive was generated by hypermail 2.1.5 : Fri Feb 11 2005 - 10:25:25 CST