Unicode Security and Domain Names

• Previous message: Asmus Freytag: "Re: Accessing alternate glyphs from plain text (from Re: Draft Proposal to add Variation Sequences for Latin and Cyrillic letters)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

The Unicode Consortium has released three important specifications
related to Internationalized Domain Names (IDNs) and Security.

UTS #46: Unicode IDNA Compatibility Processing
http://www.unicode.org/reports/tr46/

UTR# 36: Unicode Security Considerations
http://www.unicode.org/reports/tr36/

UTR# 39: Unicode Security Mechanisms
http://www.unicode.org/reports/tr39/

UTS #46: Unicode IDNA Compatibility Processing

Client software, such as browsers and emailers, faces a difficult
transition from the version of international domain names approved in
2003 (IDNA2003), to the revision approved in 2010 (IDNA2008). The
specification in this document provides a mechanism that minimizes the
impact of this transition for client software, allowing client software
to access domains that are valid under either system. The specification
provides two main features: One is a comprehensive mapping to support
current user expectations for casing and other variants of domain names.
Such a mapping is allowed by IDNA2008. The second is a compatibility
mechanism that supports the existing domain names that were allowed
under IDNA2003. This second feature is intended to improve client
behavior during the transitional period.

UTR# 36: Unicode Security Considerations

Because Unicode contains such a large number of characters and
incorporates the varied writing systems of the world, incorrect usage
can expose programs or systems to possible security attacks. This is
especially important as more and more products are internationalized.
This document describes some of the security considerations that
programmers, system analysts, standards developers, and users should
take into account, and provides specific recommendations to reduce the
risk of problems.

UTR# 39: Unicode Security Mechanisms

Because Unicode contains such a large number of characters and
incorporates the varied writing systems of the world, incorrect usage
can expose programs or systems to possible security attacks. This
document specifies mechanisms that can be used to detect possible
security problems.

----
All of the Unicode Consortium lists are strictly opt-in lists for members
or interested users of our standards. We make every effort to remove
users who do not wish to receive e-mail from us. To see why you are getting
this mail and how to remove yourself from our lists if you want, please
see http://www.unicode.org/consortium/distlist.html#announcements

• Next message: John H. Jenkins: "Re: Accessing alternate glyphs from plain text (from Re: Draft Proposal to add Variation Sequences for Latin and Cyrillic letters)"
• Previous message: Asmus Freytag: "Re: Accessing alternate glyphs from plain text (from Re: Draft Proposal to add Variation Sequences for Latin and Cyrillic letters)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.5 : Fri Aug 06 2010 - 14:37:24 CDT