IDN Security

From: Mark Davis (mark.davis@jtcsv.com)
Date: Mon Feb 14 2005 - 11:20:06 CST

  • Next message: Peter Kirk: "Re: Languages using multiple scripts"

    There were a few items coming out of the UTC meeting in regards to IDN.

    1. We will be adding to draft UTR #36: Security Considerations for the
    Implementation of Unicode and Related Technology
    (http://unicode.org/reports/tr36/). In particular, this will include more
    background information and a set of specific recommendations for both
    browsers and registrars; both to be refined over time.

    2. The UTC has authorized the editorial committee to make updates to #36
    between UTC meetings, to allow for faster turn-around in presenting both
    background material and recommendations. We will try to incorporate ideas
    presented on these lists and others, so suggestions are welcome.

    3. The UTR had for some time recommended the development of data on visually
    confusables, and we will be starting to collect data to test the feasibility
    of different approaches. In regards to that, I'll call people's attention to
    the chart on http://www.unicode.org/reports/tr36/idn-chars.html, that shows
    the permissible IDN characters, ordered by script, then whether decomposable
    or not, then according to UCA collation order. (These are characters after
    StringPrep has been performed, so case-folding and normalization have
    already been applied.)

    ‚ÄéMark



    This archive was generated by hypermail 2.1.5 : Mon Feb 14 2005 - 11:21:15 CST