From: Elliotte Harold (elharo@metalab.unc.edu)
Date: Fri Feb 11 2005 - 16:18:30 CST
Adam Twardoch wrote:
> This is so anti-i18n. The idea behind IDN was to stop the hegemony of
> the Latin script in domain names. Solutions that prevent the spoofs
> should not again start building up the "our people vs. foreign people"
> way of thinking.
I don't think it was ever really a problem of "our people vs. foreign
people" but more of a complete lack of consideration for non-English
uses. The English speakers neither knew nor considered the needs of
non-English speakers. The result, naturally enough, was an
English/ASCII-centric Internet.
It took a long time to change that, and the work still isn't done.
However, the current problem is that the reaction to ASCII-centricity
has gotten so extreme amongst the I18N community that there is simply no
acknowledgment that IDN causes real problems for real users, and there
is no willingness to accept any compromise on issues of
internationalization, no matter how damaging the side effects are. I
have heard again and again in multiple fora and multiple areas that
anything less than an ideal solution is morally wrong, and that anyone
who even raises the suggestion that there might be trade-offs to be
considered is morally suspect.
If the I18N community doesn't begin to pay serious attention to the
needs of other communities that are negatively impacted by their
specifications, those users are going to stop implementing and
supporting those specifications. The result could be a rapid fracturing
of the web, as the English-speaking nations shut themselves off from the
rest of the world. If the problems become severe enough, even the
non-English speaking/non-Latin-writing world may start rejecting IDNs.
It's important to have domain names in one's own language, but after
bank customers start losing real money to these attacks, people may
begin to evaluate just how important that.
This would be a tragedy, but it's already happening. I am watching
multiple lists now that are producing and distributing hacks to
completely disable IDN in various browsers. These hacks are typically
written by developers who neither know nor care about I18N issues, but
care a great deal about protecting themselves and their customers from
phishing and pharming.
The spoofing issues that have gotten play lately are nothing new. They
were raised repeatedly by multiple people including myself several years
ago when IDN was being developed. The working group never seriously
addressed the problem, and I still hear many people sticking their heads
in the sand and claiming it's somehow not the fault of IDN, or that
there isn't a problem, or that because we've been able to register
Goog1e.com before now, somehow making the problem a thousand times worse
is not worth talking about.
If the IETF does not wake up and recognize the major problems they've
caused for many users, then IDNs are dead. They will be completely
disabled in browsers and blocked at the firewalls and routers, and
sooner rather than later. That would be a shame, but sadly it may be
better than the alternative. There are reasonable compromises that could
be made which would radically diminish the effectiveness of this attack
while still satisfying most realistic use cases for IDNs. However,
unless the IDN group is willing to start talking compromise and damage
control, then, politically correct or not, a lot of the world is going
to shut out IDNs.
-- Elliotte Rusty Harold elharo@metalab.unc.edu XML in a Nutshell 3rd Edition Just Published! http://www.cafeconleche.org/books/xian3/ http://www.amazon.com/exec/obidos/ISBN=0596007647/cafeaulaitA/ref=nosim
This archive was generated by hypermail 2.1.5 : Fri Feb 11 2005 - 16:19:13 CST