Re: IDN Security, recommended character ranges blacklist

From: Neil Harris (
Date: Wed Feb 16 2005 - 13:29:42 CST

  • Next message: Simon Montagu: "Re: IDN Security"

    Philippe Verdy wrote:

    > --- Doug Ewell <> a écrit :
    >>Neil Harris <neil at tonal dot clara dot co dot uk> wrote:
    >>>Okay, let's get rid of those two ranges, and only blacklist:
    >>>* High Surrogates
    >>>* Low Surrogates
    >>This is at once unnecessary and excessive. Unpaired surrogates are
    >>not even valid Unicode, and are specifically prohibited in nameprep;
    >>while paired surrogates may represent a perfectly legitimate IDN
    >>character (from CJK Extension B, for instance).
    >I don't understand this discussion about "blacklisted" characters!
    >The policy is already defined to use the "inclusive" model, where only
    >well-defined subsets of characters are approved for use in TLDs
    >implementing IDN.
    >Conclusion: there's no need of any blacklist, but only the need, for
    >TLDs to document which subsets they accept and support in their
    >registry (this subset does not necessarily need to include all letters
    >found in the same Unicode/ISO/IEC 10646 code block), and then document
    >for which languages these subsets were made, and also document the
    >rules by which groups of names will be reserved with the same
    >reservation (these names may be homograph using different scripts, or
    >may be simplications of letters, such as when a TLD registry chooses to
    >consider names with or without accents and diacritics as part of the
    >same reservation package).
    Imagine, if you will, a lazy/abusive registry that registers the entire
    Unicode code-point range, or a substantial subset of it, and uses this
    same "subset" for every language it registers. How convenient for them
    this would be, whilst remaining within the letter of the rules, and at
    the same time letting them sell domain names like <smiley-face>.tld.and
    <name><trademark-symbol>.tld. Imagine, also, that they then ignore all
    complaints about their behavior. What do you do then?

    -- Neil

    This archive was generated by hypermail 2.1.5 : Wed Feb 16 2005 - 13:30:42 CST