From: Chris Weber \(Casaba Security\) (email@example.com)
Date: Wed Jul 23 2008 - 15:47:24 CDT
So then is it safe to assume IDN Character Categorization documented at
http://www.unicode.org/reports/tr36/idn-chars.html are recommendations only?
Further is it safe to assume that user-agents like web browsers are free to
recognize any Unicode code point (even the IDN-illegal ones from above) as
From: Stephane Bortzmeyer [mailto:firstname.lastname@example.org]
Sent: Wednesday, July 23, 2008 1:23 AM
To: Chris Weber (Casaba Security)
Subject: Re: IDN inclusion-based model
On Wed, Jul 23, 2008 at 12:33:06AM -0700,
Chris Weber (Casaba Security) <email@example.com> wrote
a message of 129 lines which said:
> Is the decision for what's allowed to be included up to the
In most of the cases I know, it it up to the registry.
> At that point, should it be up to user-agents or registrars, or
> both, to ensure that legality is checked?
All the registries I know check that the requested domain name
complies with their local rules which include the list of authorized
A registry cannot rely on users or registrars to do the check because
not all of them are nice people.
From: firstname.lastname@example.org [mailto:email@example.com] On
Behalf Of Chris Weber (Casaba Security)
Sent: Wednesday, July 23, 2008 12:33 AM
Subject: IDN inclusion-based model
How does the IDN Character Categorization documented at
http://www.unicode.org/reports/tr36/idn-chars.html fit into the
'inclusion-based approach' referenced in
ICANN guidelines, and the RFC 4690?
Is the decision for what's allowed to be included up to the registrars? Or
can I gather from the idn-chars.html above that U+FF0F (FULLWIDTH SOLIDUS),
for example, is an illegal? At that point, should it be up to user-agents
or registrars, or both, to ensure that legality is checked?
This archive was generated by hypermail 2.1.5 : Wed Jul 23 2008 - 15:50:13 CDT