Re: IDN Security, recommended character ranges blacklist

From: Neil Harris (neil@tonal.clara.co.uk)
Date: Wed Feb 16 2005 - 13:29:42 CST

Next message: Simon Montagu: "Re: IDN Security"

Previous message: Hans Aberg: "Re: IDN Security"
Maybe in reply to: Neil Harris: "Re: IDN Security, recommended character ranges blacklist"
Next in thread: Nick Nicholas: "Re: IDN Security, recommended character ranges blacklist"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Mail actions: [ respond to this message ] [ mail a new topic ]

Philippe Verdy wrote:

> --- Doug Ewell <dewell@adelphia.net> a écrit :
>
>
>>Neil Harris <neil at tonal dot clara dot co dot uk> wrote:
>>
>>
>>
>>>Okay, let's get rid of those two ranges, and only blacklist:
>>>...
>>>* High Surrogates
>>>* Low Surrogates
>>>
>>>
>>This is at once unnecessary and excessive. Unpaired surrogates are
>>not even valid Unicode, and are specifically prohibited in nameprep;
>>while paired surrogates may represent a perfectly legitimate IDN
>>character (from CJK Extension B, for instance).
>>
>>
>
>I don't understand this discussion about "blacklisted" characters!
>The policy is already defined to use the "inclusive" model, where only
>well-defined subsets of characters are approved for use in TLDs
>implementing IDN.
>
>Conclusion: there's no need of any blacklist, but only the need, for
>TLDs to document which subsets they accept and support in their
>registry (this subset does not necessarily need to include all letters
>found in the same Unicode/ISO/IEC 10646 code block), and then document
>for which languages these subsets were made, and also document the
>rules by which groups of names will be reserved with the same
>reservation (these names may be homograph using different scripts, or
>may be simplications of letters, such as when a TLD registry chooses to
>consider names with or without accents and diacritics as part of the
>same reservation package).
>
>
Imagine, if you will, a lazy/abusive registry that registers the entire
Unicode code-point range, or a substantial subset of it, and uses this
same "subset" for every language it registers. How convenient for them
this would be, whilst remaining within the letter of the rules, and at
the same time letting them sell domain names like <smiley-face>.tld.and
<name><trademark-symbol>.tld. Imagine, also, that they then ignore all
complaints about their behavior. What do you do then?

-- Neil

Next message: Simon Montagu: "Re: IDN Security"
Previous message: Hans Aberg: "Re: IDN Security"
Maybe in reply to: Neil Harris: "Re: IDN Security, recommended character ranges blacklist"
Next in thread: Nick Nicholas: "Re: IDN Security, recommended character ranges blacklist"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.5 : Wed Feb 16 2005 - 13:30:42 CST