From: Erik van der Poel (erik@vanderpoel.org)
Date: Sat Feb 19 2005 - 16:21:43 CST
Doug,
I agree with a lot of what you are saying (particularly, the
"semi-confusables"), but please allow me to counter you argument below,
just for the sake of the argument. I am not saying that this is my
"final" opinion. (People will have noticed that I change my opinion a
lot. Sorry about that. :-)
Doug Ewell wrote:
> This is one of those problems for which
> a partial solution simply isn't good enough.
Maybe this is one of those problems for which *no* solution simply isn't
good enough?
I mean, I'll start with the Arial font found in Windows. Isn't it true
that its cmap maps some characters to the same glyph index? And, even if
someone tries to point out that Arial is a commercial product that
someone may have been trying to get out the door quickly, thereby taking
unjustified shortcuts, I'll point out that Michel Suignard himself
(long-time Unicoder) already admitted that:
# No languages used in the former soviet union should require a mix of
# latin and cyrillic in a single dns label.
# Unicode contains many latin homographs in the Cyrillic block exactly for
# that reason, to avoid mixing the two scripts in a single word. It is
# unfortunate that the exact visual match is now haunting us. However it
# should not be used as a rationale to accept registration of mixed
# Cyrillic/Latin labels by tld registries.
This is from:
ftp://ops.ietf.org/pub/lists/idn.current
Am I now going to see some senior Unicoders try to backpedal on these
comments? :-)
I hope not. A couple of senior Unicoders have already indicated that
they are seriously considering this homograph issue, and kudos to them!
> And for something like IDNs, once you have decided on a mapping, you can
> never, ever change it. Otherwise you will have a domain name available
> for registration by customer A today, but a similar one not available to
> customer B six months later (or vice versa, A can't get it but B can).
> Either way, you have a lawsuit.
And that's how it should be. PayPal should sue those that registered
fake paypal.com names! :-)
Well, PayPal will notice that some or all of them are just there to
start this very discussion, and hopefully won't sue those poor engineers...
More to the point, this ACE thing (ASCII Compatible Encoding) has a long
history of incompatible prefixes. See section 5 of:
http://ietf.org/rfc/rfc3490.txt
As is the case in any network protocol migration endeavor, you may be
able to take advantage of such incompatibilities to assist in (indeed,
*allow*) migration. The critical thing is to have the systems support
both the old and the new during the transition period. For example, a
registry might support lookups from both old and new clients during the
transition.
But of course, it will be very difficult (if not impossible) to delete
some of the names that are determined to be (deliberate or accidental)
spoofs of other (hopefully legitimate) names. Some of these parties have
the resources to sue each other, but others are just, say, individuals
who happen to be caught in the crossfire. Is it fair to delete their
registrations? And even if it is, will the registries even bother to go
through all this work? Finally, am I answering my own questions? :-)
Erik
This archive was generated by hypermail 2.1.5 : Sat Feb 19 2005 - 16:23:03 CST