Re: IDN problem.... :(

From: Peter Kirk (
Date: Fri Feb 11 2005 - 10:23:31 CST

  • Next message: Doug Ewell: "Re: IDN problem.... :("

    On 11/02/2005 15:23, Adam Twardoch wrote:

    > ...
    > Cyrillic Q?
    The Latin letters Q and W are used in the Kurdish Cyrillic script used
    in Armenia and Russia. But I understand that Unicode refused to encode
    separate characters. This implies that Kurdish, including Kurdish IDNs,
    is written in a mixture of Unicode Latin and Cyrillic scripts.

    On 11/02/2005 15:31, Adam Twardoch wrote:

    > ... You can also register a domain name "" (i.e.
    > "", using Latin letters), or "" but this id a
    > different pair of shoes than characters that have different codes but
    > have identical visual appearance.
    These spoof URLs can still have almost identical visual appearance to
    the real ones in the small size sans serif font commonly used in
    browsers' URL windows. But this problem of course predates IDNs.

    On 11/02/2005 15:31, Adam Twardoch wrote:

    > From: "Peter Kirk" <>
    >> Perhaps a better approach would be for browsers, as a default option
    >> which can be switched off, to warn users about mixed script domain
    >> names (or even any non-ASCII domain names) with a dialogue box,
    >> something like: "Domain name contains non-Latin
    >> character(s). This may be a security risk. Are you sure you want to
    >> go to this domain? OK Cancel".
    > And this warning would appear every time for a Chinese or Arabic user?
    > (Unless he figures out that he/she needs to goes to some options and
    > switch it off?)
    > This is so anti-i18n. The idea behind IDN was to stop the hegemony of
    > the Latin script in domain names. Solutions that prevent the spoofs
    > should not again start building up the "our people vs. foreign people"
    > way of thinking.
    I didn't intend to be anti-i18n, and I accept that my idea and the
    warning text needs to be tweaked to avoid that. The warning text would
    of course be localised. And perhaps the tests to be applied would be
    localised, with the acceptable scripts being chosen by the user,
    defaulting to the system default script and Latin (since ASCII URLs will
    not go away soon even in China and the Arab world). And any mixed script
    domain could trigger the message, with possible allowance for cases like

    Alternative tests might be Bayesian, similar to Mozilla's reasonably
    successful spam detection.

    Peter Kirk (personal) (work)
    No virus found in this outgoing message.
    Checked by AVG Anti-Virus.
    Version: 7.0.300 / Virus Database: 265.8.7 - Release Date: 10/02/2005

    This archive was generated by hypermail 2.1.5 : Fri Feb 11 2005 - 10:25:25 CST