L2/06-282

Source: Mark Davis
Date: August 6, 2006
Subject: Security
=========

I'd like to discuss the following topic in connection with UTS#39 and UTR#36.

Over time, the UTC has come to the conclusion that in restricting identifier
characters (such as IDN) for security, the important focus is on the output
characters. The actual process that implementations use to get the output
characters, whether it is by applying NFKC or other mappings, should be
outside of the scope. In view of that, I would suggest that in we remove
the following tables from http://www.unicode.org/reports/tr39/data/idnchars.txt,
and make corresponding changes in the text of both #36 and #39 (mostly
deletions and simplfications).

input
input-lenient