[idn] IDN Implementation Status Update

Gervase Markham <gerv@mozilla.org> Fri, 22 July 2005 16:20 UTC

Message-ID: <42E11B09.6030203@mozilla.org>
Date: Fri, 22 Jul 2005 17:12:57 +0100
From: Gervase Markham <gerv@mozilla.org>
To: iab-idn@lists.paf.se, mb-secissues@opera.com, idn@ops.ietf.org
Subject: [idn] IDN Implementation Status Update

This is a message to tell interested parties the current status of the 
mozilla.org changes to Firefox regarding IDN.

We have implemented a TLD whitelist system, which currently contains 21 
TLDs for which we correctly display IDN domain names in the UI.
http://www.mozilla.org/projects/security/tld-idn-policy-list.html
Any IDN domain name in a non-whitelisted TLD displays as punycode. This 
is a security feature and so there is no user interface for adding or 
removing TLDs.

Any registry which wishes to be added to the whitelist should follow the 
instructions on that page. In terms of what constitutes a homograph, we 
are being guided by the Unicode Consortium's confusables list:
http://www.unicode.org/draft/reports/tr36/data/confusables.txt
and by common sense. Our policy in this area is still somewhat in flux - 
in particular, we are not yet sure whether we should require 
registries to consider two characters which differ only in accent 
(sometimes by the shade of a single pixel at normal font sizes) as 
homographic. In the meantime, we strongly advise that registries do this.

We have implemented a character blacklist, which will soon contain 
'DIVISION SLASH' (U+2215) and 'FRACTION SLASH' (U+2044). After that, we 
may extend it to forbid more characters which may be used to spoof URL 
punctuation.
https://bugzilla.mozilla.org/show_bug.cgi?id=301694
This is not meant to prejudice the outcome of the current IAB-IDN 
discussions on potentially reducing the number of characters permitted 
in IDN, but we feel the danger posed by the use of such characters in 
3rd and 4th level domains is great enough to require an immediate ban. 
Any domain name which contains one or more of these characters displays 
as punycode.

We wish to thank Opera Software for their help in creating the initial 
whitelist and providing suggestions for the character blacklist.

Please note that I will be away from Saturday 23rd of June until Monday 
8th August, so please do not expect any email replies during that time. :-)

Gerv
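
The display rule described in this message (TLD whitelist, then character blacklist, otherwise punycode), sketched as an added example; it is not part of the original message and is not Firefox code. The whitelist entry "example" is a constructed placeholder (the real list is at the policy URL above), the function names are hypothetical, and nameprep normalization is skipped.

```python
# Added example, not Firefox code. The whitelist contents are constructed.
IDN_TLD_WHITELIST = {"example"}          # placeholder; the real list is at the policy URL
CHAR_BLACKLIST = {"\u2215", "\u2044"}    # DIVISION SLASH, FRACTION SLASH (from the message)
ACE_PREFIX = "xn--"


def _label_forms(label):
    """Return (unicode_form, ace_form) for one DNS label."""
    if label.startswith(ACE_PREFIX):
        try:
            return label[len(ACE_PREFIX):].encode("ascii").decode("punycode"), label
        except UnicodeError:
            return label, label          # malformed ACE: show it untouched
    if label.isascii():
        return label, label
    return label, ACE_PREFIX + label.encode("punycode").decode("ascii")


def display_host(host):
    """Return the form of `host` to show in the UI under the described policy."""
    pairs = [_label_forms(l) for l in host.lower().split(".")]
    unicode_host = ".".join(u for u, _ in pairs)
    ace_host = ".".join(a for _, a in pairs)
    if unicode_host.isascii():
        return ace_host                  # nothing to decode or hide
    if any(ch in CHAR_BLACKLIST for ch in unicode_host):
        return ace_host                  # blacklisted character anywhere in the name
    tld = pairs[-1][0]
    if tld not in IDN_TLD_WHITELIST:
        return ace_host                  # registry not whitelisted
    return unicode_host
```

The blacklist is checked over every label, so a blacklisted character in a 3rd or 4th level label forces punycode even when the TLD is whitelisted.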