Re: [idn] punctuation
John C Klensin <klensin@jck.com> Thu, 24 February 2005 22:27 UTC
Received: from psg.com (mailnull@psg.com [147.28.0.62]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA29789 for <idn-archive@lists.ietf.org>; Thu, 24 Feb 2005 17:27:51 -0500 (EST)
Received: from majordom by psg.com with local (Exim 4.44 (FreeBSD)) id 1D4RNi-000Pqc-I0 for idn-data@psg.com; Thu, 24 Feb 2005 22:22:50 +0000
Received: from [209.187.148.211] (helo=bs.jck.com) by psg.com with esmtp (Exim 4.44 (FreeBSD)) id 1D4RNf-000PpY-VN for idn@ops.ietf.org; Thu, 24 Feb 2005 22:22:48 +0000
Received: from [209.187.148.215] (helo=scan.jck.com) by bs.jck.com with esmtp (Exim 4.34) id 1D4RNe-000Mdu-BY; Thu, 24 Feb 2005 17:22:46 -0500
Date: Thu, 24 Feb 2005 17:22:35 -0500
From: John C Klensin <klensin@jck.com>
To: Erik van der Poel <erik@vanderpoel.org>
cc: tedd <tedd@sperling.com>, idn@ops.ietf.org
Subject: Re: [idn] punctuation
Message-ID: <0E7F74C71945B923C52211F3@scan.jck.com>
In-Reply-To: <421E30F2.1040408@vanderpoel.org>
References: <421B8484.3070802@vanderpoel.org> <20050223072837.GA21463~@nicemice.net> <D872CCF059514053ECF8A198@scan.jck.com> <421D8411.9030006@vanderpoel.org> <p06210208be4390618c81@[192.168.0.101]> <421E0D0C.2000309@vanderpoel.org> <p06210202be43c3888991@[192.168.0.101]> <E07CE813AD23B2D95DA0C740@scan.jck.com> <421E30F2.1040408@vanderpoel.org>
X-Mailer: Mulberry/3.1.6 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on psg.com
X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.0.1
Sender: owner-idn@ops.ietf.org
Precedence: bulk
Content-Transfer-Encoding: 7bit
--On Thursday, 24 February, 2005 11:54 -0800 Erik van der Poel <erik@vanderpoel.org> wrote: > John C Klensin wrote: >> We can try >> to restrict characters that are clearly dangerous, adopting, >> if necessary, a view that the fact someone wants to register >> or use a particular string doesn't mean that they are >> entitled to do so. > > You can write RFCs, move them to STD status, and jump up and > down all you want, but you can't stop domain name owners from > creating "deep" sub-domains with deceptive names that make the > important part of the name go off the end of the display area. Of course not. But there are several separate problems here. For example: (i) No one _makes_ an application author write things so that "go off the end of the display area" is an option. It may or may not be worth it, but there are all sorts of ways to design a UI so that things wrap, scroll, pop-up, warn, or are otherwise accessible from end to end. It seems to me that convincing your favorite applications author to not let long FQNS disappear off-screen is likely to be a lot easier than turning domain names around (see below). (ii) The Internet has never had a presentation layer, and the IETF and its predecessors have never tried to standardize one or what happens in it. To some extent, many of the issues with URIs/IRIs, IDNs, etc., suggest that may have been a mistake. But we just haven't gone in that direction and starting to do so now would be a pretty big deal. A presentation layer might solve this problem because a user could then specify how various things are to be displayed. Without it, and without common operating system or utility library interfaces for these things that everyone uses, one risks having one application use one display order and another application, on the same host and for the same user, use a different one. That would create a mess and its own set of risks; see below. >> We >> can use the UDRP and/or the legal system in various countries >> to push back on those who register deceptive names and on the >> registrars and registries that encourage the registration of >> such names. > > The registrars and registries are not the problem. The domain > name owners are. If a poor individual has created a deceptive > name that hurts a huge company, that company may go after > Microsoft (since it has deep pockets) instead of the poor > person. As I have said before, there is no magic bullet solution to this group of problems. And, for the zones that are under their control, the registries are the problem (for some part of the broader problem) because they are in a position to prohibit unacceptable registrations .. as they have done for years in prohibiting names that aren't "hostname" (LDH)-conformant. That conformance is not not now, and has never been, a DNS protocol requirement. > So, the apps' current way of displaying the domain name > (right-to-left) in left-to-right cultures is the problem. I > tried to make the case that this is even a problem in the > ASCII DNS (regardless of IDN), since hyphens are allowed in > most DNS implementations. I wonder if a phisher would only > have to change their own DNS server to get other characters > (like ASCII slash '/') into the names? Or would many of the > DNS clients refuse to lookup names containing such characters? > (I tried to create a name containing ASCII slash yesterday, > but my DNS server wouldn't accept it.) There are people who would claim that your DNS server is broken -- see RFC 2181. However... The reality is that whether DNS names were to be treated as big-endian or little-endian was hotly developed when the DNS was first being designed and, if I recall what I was told, actually changed once or twice. Plus or minus a bit, for every argument that it should be one way, there was an argument that it should be the other. For example, while you would like to see com.mumblefraz.foo so as to detect issues the TLD chosen, it is equally the case that, for many of us in daily use, the distinction between foo.mumblefraz.com and bar.mumblefraz.com is more important. Regardless of how one might toss that particular coin, it has been tossed. We have a huge deployed base of the current order and, even worse than software issues, the current order has been imprinted on the consciousness of a lot of folks who don't really know what a domain name is. Due to the intersection of old JANET Coloured Book names with DNS names, we also have considerable experience trying to operate an Internet in which some names run from left to right and others run from right to left. It wasn't a lot of fun and sometimes people (and software) made mistakes: a domain name like uk.ac.ucl.bar.com was a public nuisance or worse. So, like it or not, I think you had best let this one go and get used to it. FWIW, my ordering preference is the same as yours. But, if I were to make a list of the Internet design decisions that, in retrospect, I would have been happier if they had been made some other way, this one wouldn't make the top ten. And I suspect that opinion would be consistent with a poll of either users or protocol designers, had such a poll been held. (Also, FWIW, "not having domain names in URLs at all" would be close to the top of my list.) john
- [idn] related work Erik van der Poel
- [idn] Unicode categories Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue JFC (Jefsey) Morfin
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue John C Klensin
- Re: [idn] nameprep2 and the slash homograph issue Adam M. Costello
- Re: [idn] something a little lighter for the week… Doug Ewell
- Re: [idn] stability Erik van der Poel
- Re: [idn] Re: character tables Erik van der Poel
- Re: [idn] Re: process Adam M. Costello
- Re: [idn] punctuation John C Klensin
- Re: [idn] Re: stability JFC (Jefsey) Morfin
- Re: [idn] Re: character tables Gervase Markham
- Re: [idn] stringprep: PRI #29 Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue Gervase Markham
- Re: [idn] Re: stability Erik van der Poel
- Re: [idn] process Paul Hoffman
- Re: [idn] Re: character tables YAO Jiankang
- Re: [idn] nameprep2 and the slash homograph issue JFC (Jefsey) Morfin
- Re: [idn] nameprep2 and the slash homograph issue Adam M. Costello
- Re: [idn] punctuation John C Klensin
- Re: [idn] punctuation tedd
- Re: [idn] Re: character tables JFC (Jefsey) Morfin
- Re: [idn] punctuation Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue Gervase Markham
- Re: [idn] Re: stability Erik van der Poel
- Re: [idn] Re: character tables Adam M. Costello
- [idn] Re: character tables John C Klensin
- Re: [idn] Re: character tables Erik van der Poel
- Re: [idn] Re: stability JFC (Jefsey) Morfin
- Re: [idn] Re: character tables Paul Hoffman
- Re: [idn] Re: stability Martin v. Löwis
- Re: [idn] Re: character tables Erik van der Poel
- Re: [idn] Re: stability John C Klensin
- [idn] Re: Unicode categories John C Klensin
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- [idn] character tables Erik van der Poel
- Re: [idn] Re: character tables John C Klensin
- Re: [idn] Re: stability Mark Davis
- Re: [idn] Re: stringprep: PRI #29 Erik van der Poel
- [idn] stability Erik van der Poel
- Re: [idn] Re: character tables Erik van der Poel
- Re: [idn] Re: dichotomies JFC (Jefsey) Morfin
- Re: [idn] process Adam M. Costello
- Re: [idn] Re: character tables William Tan
- Re: [idn] Re: process James Seng
- [idn] Re: stability Simon Josefsson
- Re: [idn] stability Erik van der Poel
- [idn] Re: stability Martin v. Löwis
- Re: [idn] Re: process Jaap Akkerhuis
- Re: [idn] Re: stringprep: PRI #29 Adam M. Costello
- Re: [idn] punctuation tedd
- [idn] Re: dichotomies Erik van der Poel
- Re: [idn] Re: stability Martin v. Löwis
- Re: [idn] punctuation Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- Re: [idn] process JFC (Jefsey) Morfin
- [idn] Re: stability Simon Josefsson
- Re: [idn] nameprep2 and the slash homograph issue JFC (Jefsey) Morfin
- [idn] Re: stringprep: PRI #29 Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue Adam M. Costello
- Re: [idn] process John C Klensin
- Re: [idn] Re: Unicode categories Mark Davis
- Re: [idn] process Doug Ewell
- Re: [idn] Re: stability Adam M. Costello
- Re: [idn] process Erik van der Poel
- [idn] nameprep2 and the slash homograph issue Erik van der Poel
- Re: [idn] punctuation tedd
- [idn] punctuation Erik van der Poel
- Re: [idn] Re: stability James Seng
- [idn] Re: stability Simon Josefsson
- [idn] something a little lighter for the weekend Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- Re: [idn] something a little lighter for the week… Adam M. Costello
- Re: [idn] process Gervase Markham
- [idn] Re: character tables Cary Karp
- [idn] Mozilla? JFC (Jefsey) Morfin
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- Re: [idn] punctuation Erik van der Poel
- [idn] Re: Unicode categories Erik van der Poel
- [idn] Re: stability Simon Josefsson
- Re: [idn] Re: character tables JFC (Jefsey) Morfin
- [idn] Re: process Stephane Bortzmeyer
- Re: [idn] process Erik van der Poel
- Re: [idn] punctuation Jaap Akkerhuis
- Re: [idn] Re: character tables Gervase Markham
- Re: [idn] Re: process Jaap Akkerhuis
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- Re: [idn] Re: process James Seng
- [idn] stringprep mailing list Erik van der Poel
- Re: [idn] Re: dichotomies Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- Re: [idn] Re: stability Erik van der Poel
- Re: [idn] Re: character tables Erik van der Poel
- Re: [idn] Re: stability JFC (Jefsey) Morfin
- Re: [idn] Re: process Erik van der Poel
- [idn] Re: stringprep: PRI #29 Simon Josefsson
- Re: [idn] punctuation Erik van der Poel
- Re: [idn] stability Martin v. Löwis
- [idn] stringprep: PRI #29 Erik van der Poel
- Re: [idn] Re: character tables Paul Hoffman
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- [idn] Re: stability Simon Josefsson
- [idn] process Erik van der Poel
- [idn] stringprep: existing profiles and string pr… Erik van der Poel
- Re: [idn] Re: stability Erik van der Poel
- [idn] dichotomies Erik van der Poel
- Re: [idn] stability JFC (Jefsey) Morfin
- [idn] Re: character tables Cary Karp
- Re: [idn] Re: process Erik van der Poel
- [idn] Re: stringprep mailing list Simon Josefsson
- Re: [idn] Re: Unicode categories Martin v. Löwis
- Re: [idn] Re: stability JFC (Jefsey) Morfin
- Re: [idn] something a little lighter for the week… John C Klensin
- Re: [idn] something a little lighter for the week… Adam M. Costello
- Re: [idn] Re: dichotomies JFC (Jefsey) Morfin
- Re: [idn] Re: stability Erik van der Poel
- Re: [idn] Re: stability Erik van der Poel
- [idn] Re: stringprep: PRI #29 Simon Josefsson
- Re: [idn] stability Erik van der Poel
- [idn] Re: stringprep: PRI #29 Simon Josefsson