From: Martin J. Dürst (firstname.lastname@example.org)
Date: Thu Jul 29 2010 - 20:05:06 CDT
On 2010/07/30 5:00, CE Whitehead wrote:
> Hi. Regarding your proposal, for IDN's, I have a security concern:
> In the list of unicode allowed characters, the Eastern set of numbers seems to be allowed;(http://unicode.org/reports/tr36/idn-chars.html)
> Saudi Arabia has got the other set in its allowed list
> so I gather both are allowed in IDN's.
> You would then have mixed scripts in IDN's for Arab with either Arbx alone or Arbs (if those are the names chosen).
> You do not want to display a mixed script warning for that.
> (That would be tantamount to my security event viewer's displaying a login failure in addition to a login success everytime I login successfully; you start to ignore the failure messages.)
> (I cannot find these digits in the normalization charts. Sorry. I suppose however that they do not normalize to one another because that would destroy sequential processing of them -- which is what Karl is looking for -- although sequential processing does not apply to idn's; too bad they cannot just be normalized in idn's, that there cannot be a different standard for idn's . . . would that be an option? That's kind of a wild idea too.)
Yes, they indeed don't normalize. They were discussed at length on the
IDN list. Each registry can decide what works best for them (e.g. Saudi
Arabia only allows the Arabic digits, Iran only allows the Eastern
Arabic digits (in both cases, this may be in addition to 0-9), or some
registry may allow both sequences and either reserve a name using the
other sequence than a registration, or register both in parallel
(bundle). It is because of these various options that the IDN specs
don't make a final decision here.
-- #-# Martin J. Dürst, Professor, Aoyama Gakuin University #-# http://www.sw.it.aoyama.ac.jp mailto:email@example.com
This archive was generated by hypermail 2.1.5 : Thu Jul 29 2010 - 20:09:25 CDT