From: Erik van der Poel (erik@vanderpoel.org)
Date: Mon Mar 07 2005 - 00:14:44 CST
Doug Ewell wrote:
> Erik van der Poel <erik at vanderpoel dot org> wrote:
>
>>So, all I'm saying is that by adopting basically all of Unicode 3.2
>>and the whole NFKC process for those characters (followed by some
>>prohibitions after those steps), Nameprep ended up allowing such
>>inappropriate characters as double-struck C to be fed into the mapping
>>process. I believe this was unnecessary. Nameprep could instead have
>>chosen to return an error upon encountering double-struck C before
>>normalization.
>
> But what harm was done by allowing a hard-to-type and
> not-very-confusable character like ℂ into the mapping process?
As I've said, this is not a huge problem. If you don't get the feeling
that double-struck C was unnecessary in domain names especially since it
is simply mapped to regular 'c', then you're obviously different from
me. Like I said, this is highly subjective. Maybe I'm the only one who
feels like I do!
I didn't say anything about confusable characters, and even if you think
I did, I didn't mean to. The confusables (i.e. the recent IDN homograph
spoofing phishing thingies) are in Stringprep category AO (Allowed in
Output), while double-struck C is in category MN (Mapped or Normalized).
These two categories are very different. You can't phish with MN
characters that map or normalize to AO characters because they are
folded. You can phish with AO homographs of other AO characters, because
they are not folded, and will take you to distinct IP addresses via DNS.
Erik
This archive was generated by hypermail 2.1.5 : Mon Mar 07 2005 - 00:15:56 CST