Re: [idn] punctuation
tedd <tedd@sperling.com> Thu, 24 February 2005 15:52 UTC
Received: from psg.com (mailnull@psg.com [147.28.0.62]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA05497 for <idn-archive@lists.ietf.org>; Thu, 24 Feb 2005 10:52:04 -0500 (EST)
Received: from majordom by psg.com with local (Exim 4.44 (FreeBSD)) id 1D4LDj-0002WV-Dg for idn-data@psg.com; Thu, 24 Feb 2005 15:48:07 +0000
Received: from [207.115.57.43] (helo=ylpvm12.prodigy.net) by psg.com with esmtp (Exim 4.44 (FreeBSD)) id 1D4LDf-0002WG-Ts for idn@ops.ietf.org; Thu, 24 Feb 2005 15:48:04 +0000
Received: from pimout6-ext.prodigy.net (pimout6-ext.prodigy.net [207.115.63.78]) by ylpvm12.prodigy.net (8.12.10 outbound/8.12.10) with ESMTP id j1OFlwxd014529 for <idn@ops.ietf.org>; Thu, 24 Feb 2005 10:48:01 -0500
X-ORBL: [69.208.249.149]
Received: from [192.168.0.101] (adsl-69-208-249-149.dsl.lgtpmi.ameritech.net [69.208.249.149]) by pimout6-ext.prodigy.net (8.12.10 milter /8.12.10) with ESMTP id j1OFlvpH345048; Thu, 24 Feb 2005 10:47:58 -0500
Mime-Version: 1.0
Message-Id: <p06210208be4390618c81@[192.168.0.101]>
In-Reply-To: <421D8411.9030006@vanderpoel.org>
References: <421B8484.3070802@vanderpoel.org> <20050223072837.GA21463~@nicemice.net> <D872CCF059514053ECF8A198@scan.jck.com> <421D8411.9030006@vanderpoel.org>
Date: Thu, 24 Feb 2005 10:47:56 -0500
To: idn@ops.ietf.org
From: tedd <tedd@sperling.com>
Subject: Re: [idn] punctuation
Cc: Erik van der Poel <erik@vanderpoel.org>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on psg.com
X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.0.1
Sender: owner-idn@ops.ietf.org
Precedence: bulk
Erik et al: >But even if we were to color the whole domain name: > >foo.com|bar.baz.xx > >The user might still think that this site is somehow related to >foo.com and therefore safe (as was also pointed out). So you'd have >to display the "unusual" characters like '|' differently. Or >something. Sigh. Seems hopeless. Yes, it may seem hopeless. I believe that the "fruit-loop" solution would fall short of expectations. However, browser makers may find opportunity in providing a more in-your-face homographic solution by analyzing url's and alerting users of potential problems (i.e., beating them about the head). But this possibility/solution is beyond the scope of this group. >Are the phishers going to have a field day with IDN, or what? Yes, they probably are going to have a field day, but I don't think there is much that can be done about that. Much of this problem will be dealt with in the courts -- where it should be. As for end-users, remember less than ten years ago the average user didn't care squat about spam, but now they think different. This homographic phenomena will run its course as well and solutions will be found. >But is this problem really limited to IDN? What about the following >legal ASCII DNS name: > >foo.com--secure-user-services-and-products.tech-mecca.biz > >Does this mean that we should try to switch left-to-right readers >(most of the world) over to big-endian domain names? Please tell me >I'm overreacting! Possibly... but perhaps everyone is overreacting. IMO no safeguards will stop illegal use of anything. Stop signs don't stop everyone regardless of size, color, placement, fines, and laws regarding stop signs. Likewise, and no offense, the efforts of this group will be no different. There will be abuse regardless. The most I think anyone can do is to focus on approaches like the "Delimiter solution" such as those noted at: http://nameprep.org/ Therein, I think there is solid logic in this approach. You might even go after punctuation or symbols, but then there are honest reasons for people having punctuation and symbols in domain names -- do you want to prohibit them because of the possibility of abuse? Abuse, I might add, that could/should be dealt with via ICANN and/or the courts -- where both sides can present their arguments. Not everyone who uses a symbol in a domain name is wrong or is attempting to commit fraud. For example, I have the domain "not-equal sign" dot com. Why? It seemed kind of neat at the time, and being disabled, I was thinking of using it as a discrimination related web site. But, I had a business approach me yesterday saying that they wanted to purchase the name because the design (the not-equal sign) resembles their product, which is a cat toy -- imagine that. So, for what purpose/use can a symbol domain name be? It depends upon the market and regardless if you believe in, or approve of, market forces, there are honest reasons for such domain names. So, let's not throw the baby out with the bath water. There are going to be many avenues for abuse, and I suspect many more than this group can imagine. I know that after reading: http://www.unicode.org/reports/tr36/tr36-2.html I was alerted to more than what I wanted to know. However, my advice (being one of the lessor thinkers in this group) is to concentrate on solid logic, like the delimiter argument, and not on what "may" happen. I'm not saying "give-up" -- I'm simply saying "don't overreact". tedd -- -------------------------------------------------------------------------------- http://sperling.com/
- [idn] related work Erik van der Poel
- [idn] Unicode categories Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue JFC (Jefsey) Morfin
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue John C Klensin
- Re: [idn] nameprep2 and the slash homograph issue Adam M. Costello
- Re: [idn] something a little lighter for the week… Doug Ewell
- Re: [idn] stability Erik van der Poel
- Re: [idn] Re: character tables Erik van der Poel
- Re: [idn] Re: process Adam M. Costello
- Re: [idn] punctuation John C Klensin
- Re: [idn] Re: stability JFC (Jefsey) Morfin
- Re: [idn] Re: character tables Gervase Markham
- Re: [idn] stringprep: PRI #29 Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue Gervase Markham
- Re: [idn] Re: stability Erik van der Poel
- Re: [idn] process Paul Hoffman
- Re: [idn] Re: character tables YAO Jiankang
- Re: [idn] nameprep2 and the slash homograph issue JFC (Jefsey) Morfin
- Re: [idn] nameprep2 and the slash homograph issue Adam M. Costello
- Re: [idn] punctuation John C Klensin
- Re: [idn] punctuation tedd
- Re: [idn] Re: character tables JFC (Jefsey) Morfin
- Re: [idn] punctuation Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue Gervase Markham
- Re: [idn] Re: stability Erik van der Poel
- Re: [idn] Re: character tables Adam M. Costello
- [idn] Re: character tables John C Klensin
- Re: [idn] Re: character tables Erik van der Poel
- Re: [idn] Re: stability JFC (Jefsey) Morfin
- Re: [idn] Re: character tables Paul Hoffman
- Re: [idn] Re: stability Martin v. Löwis
- Re: [idn] Re: character tables Erik van der Poel
- Re: [idn] Re: stability John C Klensin
- [idn] Re: Unicode categories John C Klensin
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- [idn] character tables Erik van der Poel
- Re: [idn] Re: character tables John C Klensin
- Re: [idn] Re: stability Mark Davis
- Re: [idn] Re: stringprep: PRI #29 Erik van der Poel
- [idn] stability Erik van der Poel
- Re: [idn] Re: character tables Erik van der Poel
- Re: [idn] Re: dichotomies JFC (Jefsey) Morfin
- Re: [idn] process Adam M. Costello
- Re: [idn] Re: character tables William Tan
- Re: [idn] Re: process James Seng
- [idn] Re: stability Simon Josefsson
- Re: [idn] stability Erik van der Poel
- [idn] Re: stability Martin v. Löwis
- Re: [idn] Re: process Jaap Akkerhuis
- Re: [idn] Re: stringprep: PRI #29 Adam M. Costello
- Re: [idn] punctuation tedd
- [idn] Re: dichotomies Erik van der Poel
- Re: [idn] Re: stability Martin v. Löwis
- Re: [idn] punctuation Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- Re: [idn] process JFC (Jefsey) Morfin
- [idn] Re: stability Simon Josefsson
- Re: [idn] nameprep2 and the slash homograph issue JFC (Jefsey) Morfin
- [idn] Re: stringprep: PRI #29 Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue Adam M. Costello
- Re: [idn] process John C Klensin
- Re: [idn] Re: Unicode categories Mark Davis
- Re: [idn] process Doug Ewell
- Re: [idn] Re: stability Adam M. Costello
- Re: [idn] process Erik van der Poel
- [idn] nameprep2 and the slash homograph issue Erik van der Poel
- Re: [idn] punctuation tedd
- [idn] punctuation Erik van der Poel
- Re: [idn] Re: stability James Seng
- [idn] Re: stability Simon Josefsson
- [idn] something a little lighter for the weekend Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- Re: [idn] something a little lighter for the week… Adam M. Costello
- Re: [idn] process Gervase Markham
- [idn] Re: character tables Cary Karp
- [idn] Mozilla? JFC (Jefsey) Morfin
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- Re: [idn] punctuation Erik van der Poel
- [idn] Re: Unicode categories Erik van der Poel
- [idn] Re: stability Simon Josefsson
- Re: [idn] Re: character tables JFC (Jefsey) Morfin
- [idn] Re: process Stephane Bortzmeyer
- Re: [idn] process Erik van der Poel
- Re: [idn] punctuation Jaap Akkerhuis
- Re: [idn] Re: character tables Gervase Markham
- Re: [idn] Re: process Jaap Akkerhuis
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- Re: [idn] Re: process James Seng
- [idn] stringprep mailing list Erik van der Poel
- Re: [idn] Re: dichotomies Erik van der Poel
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- Re: [idn] Re: stability Erik van der Poel
- Re: [idn] Re: character tables Erik van der Poel
- Re: [idn] Re: stability JFC (Jefsey) Morfin
- Re: [idn] Re: process Erik van der Poel
- [idn] Re: stringprep: PRI #29 Simon Josefsson
- Re: [idn] punctuation Erik van der Poel
- Re: [idn] stability Martin v. Löwis
- [idn] stringprep: PRI #29 Erik van der Poel
- Re: [idn] Re: character tables Paul Hoffman
- Re: [idn] nameprep2 and the slash homograph issue Erik van der Poel
- [idn] Re: stability Simon Josefsson
- [idn] process Erik van der Poel
- [idn] stringprep: existing profiles and string pr… Erik van der Poel
- Re: [idn] Re: stability Erik van der Poel
- [idn] dichotomies Erik van der Poel
- Re: [idn] stability JFC (Jefsey) Morfin
- [idn] Re: character tables Cary Karp
- Re: [idn] Re: process Erik van der Poel
- [idn] Re: stringprep mailing list Simon Josefsson
- Re: [idn] Re: Unicode categories Martin v. Löwis
- Re: [idn] Re: stability JFC (Jefsey) Morfin
- Re: [idn] something a little lighter for the week… John C Klensin
- Re: [idn] something a little lighter for the week… Adam M. Costello
- Re: [idn] Re: dichotomies JFC (Jefsey) Morfin
- Re: [idn] Re: stability Erik van der Poel
- Re: [idn] Re: stability Erik van der Poel
- [idn] Re: stringprep: PRI #29 Simon Josefsson
- Re: [idn] stability Erik van der Poel
- [idn] Re: stringprep: PRI #29 Simon Josefsson