Re: Security Issues

From: Mark Davis (
Date: Sun Apr 03 2005 - 15:51:31 CST

    I think you might be overstating the case. Suppose that the English-speaking
    world had to make do without the letter 'k' in domain names, and people had
    to type instead of, etc. There would clearly be substantial
    interest in correcting that situation. So IDN, correctly, also allows
    Latin-script-using languages to flesh out their support.

    But if 'k' really were not used in any real publications in a modern
    language, then it would be a different story (see my previous message).


    ----- Original Message -----
    From: "Doug Ewell" <>
    To: "Unicode Mailing List" <>
    Sent: Sunday, April 03, 2005 13:29
    Subject: Re: Security Issues

    > Peter Kirk <peterkirk at qaya dot org> wrote:
    > >> There's also a significant controversy surrounding the ability of
    > >> some evil person to register "paypaɫ.com" or similar, using a letter
    > >> like U+026B that most people in the world aren't aware exists, ...
    > >
    > > The standard should not pander to ignorance. Don't forget that there
    > > are billions of Chinese, Indians etc who are not familiar even with
    > > our basic ABC.
    > The whole concept of IDN was fueled by the image of billions of Chinese,
    > Indians, etc. who were forced to learn the Latin script in order to use
    > the Internet, and who shouldn't have to.
    > There was comparatively little urgency with regard to the speakers of
    > German, Polish, Kobon, and Sencoten, who are already familiar with the
    > Latin script but require letters that aren't available in non-IDN domain
    > names. They had gotten along with Basic Latin approximations for years,
    > and were largely expected to continue to do so. Domain names, after
    > all, are not usually expected to be linguistically perfect.
    > >> ... and using it to dupe innocent consumers. People are running
    > >> around screaming that internationalized domain names are evil for
    > >> allowing these characters, and that Unicode is evil for including
    > >> them in the first place. This "security" thread is an attempt to
    > >> work out the best solution for all.
    > >
    > > I see the point. But if we are going to allow U+0142 to support
    > > Polish, and so to allow anyone to register "paypał.com", then there is
    > > not much difference allowing them to use "paypaɫ.com", with U+026B.
    > You missed my point entirely. There are 44 million speakers of Polish
    > (Ethnologue). The balance between possible security problems and
    > support for Polish-specific letters in domain names may be different
    > from the balance involved in supporting letters specific to Kobon (6,000
    > speakers) or Sencoten (3,000 speakers, to be generous).
    > > Perhaps U+0142 and U+026B can be listed as lookalikes.
    > Not a bad idea.
    > > Actually, does anyone want U+026B? This is not a click. Perhaps you
    > > were thinking of U+01C2.
    > Vlad had written, "L WITH MIDDLE TILDE is used orthographically in
    > Kobon." I assumed he meant U+026B LATIN SMALL LETTER L WITH MIDDLE
    > TILDE.
    > U+01C2 LATIN LETTER ALVEOLAR CLICK, on the other hand, doesn't look at
    > all like an L with middle tilde.
    > -Doug Ewell
    > Fullerton, California
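
The suggestion in the quoted exchange to list U+0142 and U+026B as lookalikes can be turned into a registration-time check. The following is an added example, not part of the original thread: the table holds only the two code points named above, and the function names and the protected-label list are assumptions made for illustration.

```python
import unicodedata

# Constructed lookalike table: only the two letters discussed in the thread,
# each mapped to the Basic Latin letter it can be mistaken for.
LOOKALIKES = {
    "\u0142": "l",  # LATIN SMALL LETTER L WITH STROKE (Polish)
    "\u026b": "l",  # LATIN SMALL LETTER L WITH MIDDLE TILDE
}


def canonical(label: str) -> str:
    """NFC-normalize and lowercase a single domain label."""
    return unicodedata.normalize("NFC", label).lower()


def skeleton(label: str) -> str:
    """Replace every listed lookalike with its Basic Latin counterpart."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in canonical(label))


def to_ace(label: str) -> str:
    """ASCII form of the label as it appears in DNS (xn-- plus Punycode)."""
    label = canonical(label)
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")


def review(candidate: str, protected: list[str]) -> dict:
    """Report on a requested label: its non-ASCII letters and any
    protected label it is visually confusable with (but not equal to)."""
    label = canonical(candidate)
    skel = skeleton(label)
    return {
        "ace": to_ace(label),
        "non_ascii": [(f"U+{ord(c):04X}", unicodedata.name(c, "UNKNOWN"))
                      for c in label if ord(c) > 0x7F],
        "collides_with": [p for p in protected
                          if canonical(p) != label and skeleton(p) == skel],
    }


if __name__ == "__main__":
    # Constructed input: the two spellings from the thread plus a benign label.
    for requested in ["paypa\u026b", "paypa\u0142", "example"]:
        print(requested, review(requested, protected=["paypal"]))
```

Both spellings from the thread reduce to the same skeleton, so either one is flagged against the protected label, while the report still names the exact code point for a human reviewer.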
