Re: [idn] Re: character tables

Erik van der Poel <erik@vanderpoel.org> Wed, 02 March 2005 04:56 UTC

Message-ID: <4225455C.2030109@vanderpoel.org>
Date: Tue, 01 Mar 2005 20:47:24 -0800
From: Erik van der Poel <erik@vanderpoel.org>
To: Gervase Markham <gerv@mozilla.org>
CC: Paul Hoffman <phoffman@imc.org>, John C Klensin <klensin@jck.com>, idn@ops.ietf.org
Subject: Re: [idn] Re: character tables

> However, I note that this particular conversation is between a browser 
> developer (Gervase) and one of the IDNA authors (Paul), neither of which 
> is a registry representative, so why exactly are you 2 having this 
> conversation? :-)
> 
> Sorry, I'm half joking. Half, because you two have every right to 
> discuss whatever you wish. The other half because I believe browser 
> developers can afford to focus more on their end of things.

Sorry, I've been told that this half-joking thing was confusing, and I 
now believe I shouldn't have tried to be so cute.

All I'm trying to say to *Gervase* is that it doesn't really matter 
*what* characters are allowed to be registered in a registry, as long as 
the browser takes steps to warn the user when something phishy might be 
going on, e.g. a slash homograph, or a Cyrillic small 'a' when the user 
was probably expecting a Latin small 'a'. As I have pointed out, the 
registry does *not* have control over higher-numbered level domains. 
E.g. .de controls the 2nd level domain (2LD), but not the 3LD, 4LD and 
so on. That is where the slash homograph problem *really* matters.

> Instead, I wish the browser developers would 
> focus more on the *user*, who may be "surfing" from one site to the 
> next, spanning the globe, and crossing language boundaries.

Sorry, this may not have been the best logic to use in my argument. It 
would have been better to talk about phishers, who often spam users with 
email containing URIs that *could* contain IDN labels with dangerous 
homographs at any level of the name, 2LD, 3LD, or whatever.

(Most users *don't* surf around the world, since many are monolingual or 
maybe bilingual.)

Anyway, help me out, guys and gals. Pull my logic through the wringer, 
and comb it with the finest comb you have at your disposal. This way, we 
can collectively improve our understanding of the IDN phishing problem 
and ways to address it.

Erik
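
The browser-side check discussed in the message above, sketched as an added example (not part of the original post and not any browser's actual algorithm): it inspects every label of a host name, at any level, for slash look-alikes and for mixed Latin/Cyrillic/Greek scripts. The function names, the short look-alike list and the sample host names are assumptions constructed for illustration.

```javascript
// Added example: per-label homograph checks a browser could run before
// showing a host name. The heuristics below are constructed for illustration.

// Characters that render like "/" but are legal inside a label (short list).
const SLASH_LOOKALIKES = new Map([
  ['\u2044', 'FRACTION SLASH'],
  ['\u2215', 'DIVISION SLASH'],
]);

// Scripts whose letters are easily confused with one another.
const SCRIPTS = {
  Latin: /\p{Script=Latin}/u,
  Cyrillic: /\p{Script=Cyrillic}/u,
  Greek: /\p{Script=Greek}/u,
};

// Return the sorted names of the tracked scripts that occur in one label.
function scriptsIn(label) {
  const found = new Set();
  for (const ch of label) {
    for (const [name, re] of Object.entries(SCRIPTS)) {
      if (re.test(ch)) found.add(name);
    }
  }
  return [...found].sort();
}

// Check every label, not just the registry-controlled 2LD.
// level 1 = TLD, 2 = 2LD, 3 = 3LD, and so on.
function checkHost(host) {
  const labels = host.split('.');
  const warnings = [];
  labels.forEach((label, i) => {
    const level = labels.length - i;
    for (const ch of label) {
      if (SLASH_LOOKALIKES.has(ch)) {
        warnings.push({ level, label, reason: 'slash-lookalike',
                        detail: SLASH_LOOKALIKES.get(ch) });
      }
    }
    const scripts = scriptsIn(label);
    if (scripts.length > 1) {
      warnings.push({ level, label, reason: 'mixed-script',
                      detail: scripts.join('+') });
    }
  });
  return warnings;
}
```

With the constructed input `example.com\u2215login.phish.example`, the warning is raised on the 3LD, a level the registry does not control.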