Re: IDN Security

From: Peter Kirk (
Date: Tue Feb 15 2005 - 04:46:51 CST

  • Next message: Michael Everson: "Re: 03F3 j Greek Letter yot (was Re: IDN problem.... :( )"

    On 15/02/2005 00:55, Mark E. Shoulson wrote:

    > ...
    > Why are the YOD-YOD and VAV-YOD and DOUBLE-VAV digraphs considered
    > atomic? Typographically they're often realized as two separate
    > letters, even in Yiddish. On the other hand, the ALEF-LAMED ligature
    > is more likely to deserve consideration as an atomic character (but
    > not enough that I'd actually argue for it), and yet it's missing.
    > What gives?

    Whether or not they are formally decomposable in Unicode (and my feeling
    is that it is a mistake that they are not at least as compatibility
    decompositions, but then I don't know Yiddish), they are clearly
    confusable with strings of separate letters. And that can serve as a
    reminder that confusability is a property of strings, not individual
    letters. It has already been mentioned that "rn" is confusable with
    "m", and we have all seen cases of "\/" used for deliberately spoofing "V".

    > Having all the vowels and accents(!) available, in Hebrew and in
    > Arabic as well, is almost certainly overkill (I can't imagine anyone
    > would want to complicate a URL so much), but I suppose it's okay for
    > completeness' sake.

    I agree that it is overkill but not that it is OK. Hebrew vowels and
    accents are too small and confusable to be suitable for use in IDNs, at
    least unless much larger character sizes are used. But there are all
    sorts of spoofing opportunities here. Hebrew IDNs should be base
    characters only, or at least versions with points should be folded with
    and treated as synonymous with unpointed versions. In fact I would
    suggest the same for all scripts, but maybe the French, Germans etc want
    IDNs distinguished only by accents, umlaut etc.

    > ...
    > The dingbats, obviously, are going to be an interesting battleground
    > of domain buyers...

    Those trying to use dingbats as a kind of corporate logo IDN should be
    warned that glyphs are not standardised. I once (for fun) made a font
    for a Mac with a rotten apple core glyph (complete with worm) for the
    apple character! ;-)

    Peter Kirk (personal) (work)
    No virus found in this outgoing message.
    Checked by AVG Anti-Virus.
    Version: 7.0.300 / Virus Database: 265.8.7 - Release Date: 10/02/2005

    This archive was generated by hypermail 2.1.5 : Tue Feb 15 2005 - 04:48:37 CST