RE: IDN inclusion-based model

From: Chris Weber \(Casaba Security\) (chris@casabasecurity.com)
Date: Wed Jul 23 2008 - 15:47:24 CDT

  • Next message: Mark Davis: "Re: IDN inclusion-based model"

    So then is it safe to assume IDN Character Categorization documented at
    http://www.unicode.org/reports/tr36/idn-chars.html are recommendations only?

    Further is it safe to assume that user-agents like web browsers are free to
    recognize any Unicode code point (even the IDN-illegal ones from above) as
    valid?

    Chris

    -----Original Message-----
    From: Stephane Bortzmeyer [mailto:bortzmeyer@nic.fr]
    Sent: Wednesday, July 23, 2008 1:23 AM
    To: Chris Weber (Casaba Security)
    Cc: unicode@unicode.org
    Subject: Re: IDN inclusion-based model

    On Wed, Jul 23, 2008 at 12:33:06AM -0700,
     Chris Weber (Casaba Security) <chris@casabasecurity.com> wrote
     a message of 129 lines which said:

    > Is the decision for what's allowed to be included up to the
    > registrars?

    In most of the cases I know, it it up to the registry.

    > At that point, should it be up to user-agents or registrars, or
    > both, to ensure that legality is checked?

    All the registries I know check that the requested domain name
    complies with their local rules which include the list of authorized
    characters.

    A registry cannot rely on users or registrars to do the check because
    not all of them are nice people.

    From: unicode-bounce@unicode.org [mailto:unicode-bounce@unicode.org] On
    Behalf Of Chris Weber (Casaba Security)
    Sent: Wednesday, July 23, 2008 12:33 AM
    To: unicode@unicode.org
    Subject: IDN inclusion-based model

    How does the IDN Character Categorization documented at
    http://www.unicode.org/reports/tr36/idn-chars.html fit into the
    'inclusion-based approach' referenced in
    http://www.unicode.org/reports/tr36/#Country_Specific_IDN_Restrictions,
    ICANN guidelines, and the RFC 4690?

    Is the decision for what's allowed to be included up to the registrars? Or
    can I gather from the idn-chars.html above that U+FF0F (FULLWIDTH SOLIDUS),
    for example, is an illegal? At that point, should it be up to user-agents
    or registrars, or both, to ensure that legality is checked?

    Thank you,
    Chris



    This archive was generated by hypermail 2.1.5 : Wed Jul 23 2008 - 15:50:13 CDT