Notification re UTR #36, Security Issues

From: Rick McGowan (
Date: Mon Jun 27 2005 - 15:02:13 CDT

  • Next message: Patrick Andries: "Re: Tamil sha (U+0BB6) - deprecate it?"

    Due to computer security issues, a set of guidelines is being drafted that
    can impact the use of future International Domain Names (i.e.,
    http://mü ) and identifiers. The computer security issues that have
    arisen involve spoofing of letters or numbers (e.g., in a recent case,
    unsuspecting users were sending credit card information to ""
    which was spelled with a capital "I" in place of lowercase "L", because the
    two are not visibly distinct in some fonts). Similarly Cyrillic or Greek
    letters could be used in lieu of similar looking Latin letters in domain

    The current draft Unicode Technical Report #36 contains guidelines that
    suggest restricting a variety of characters; they would only be permitted
    under lenient security settings. See The document is a
    working draft, and both it and the data files it points to may be edited up
    to the time it is released.

    Because of the subject matter, this draft will be released very soon, but
    there is still some time for feedback. Comments received by the end of this
    week (July 1) can be considered for this version of the document, while
    those after that point will be considered for the next version. Comments
    should be sent via .

    You many find it useful to look at the characters listed in the following
    file: .
    These lists include a representation of the characters, but the image may
    not appear on your screen depending on the fonts installed on your machine;
    you may need to use the character code numbers [or names] and refer to the
    code charts at

    This archive was generated by hypermail 2.1.5 : Mon Jun 27 2005 - 15:03:41 CDT