Re: Unicode abuse

From: Erik van der Poel (erik@vanderpoel.org)
Date: Mon Mar 07 2005 - 00:14:44 CST

  • Next message: Doug Ewell: "Re: Unicode abuse"

    Doug Ewell wrote:
    > Erik van der Poel <erik at vanderpoel dot org> wrote:
    >
    >>So, all I'm saying is that by adopting basically all of Unicode 3.2
    >>and the whole NFKC process for those characters (followed by some
    >>prohibitions after those steps), Nameprep ended up allowing such
    >>inappropriate characters as double-struck C to be fed into the mapping
    >>process. I believe this was unnecessary. Nameprep could instead have
    >>chosen to return an error upon encountering double-struck C before
    >>normalization.
    >
    > But what harm was done by allowing a hard-to-type and
    > not-very-confusable character like ℂ into the mapping process?

    As I've said, this is not a huge problem. If you don't get the feeling
    that double-struck C was unnecessary in domain names especially since it
    is simply mapped to regular 'c', then you're obviously different from
    me. Like I said, this is highly subjective. Maybe I'm the only one who
    feels like I do!

    I didn't say anything about confusable characters, and even if you think
    I did, I didn't mean to. The confusables (i.e. the recent IDN homograph
    spoofing phishing thingies) are in Stringprep category AO (Allowed in
    Output), while double-struck C is in category MN (Mapped or Normalized).
    These two categories are very different. You can't phish with MN
    characters that map or normalize to AO characters because they are
    folded. You can phish with AO homographs of other AO characters, because
    they are not folded, and will take you to distinct IP addresses via DNS.

    Erik



    This archive was generated by hypermail 2.1.5 : Mon Mar 07 2005 - 00:15:56 CST