L2/05-375

Subject: Statement from UTC to ICANN
Source: Mark Davis
Date: November 9, 2005

The Unicode Technical Committee has had the opportunity to review the working draft
ICANN guidelines of 2005-11-05 (http://www.icann.org/general/idn-guidelines-07nov05.pdf).
While some of the Unicode security subcommittee recommendations
(http://forum.icann.org/lists/idn-guidelines/msg00011.html) have been incorporated,
there are a number of areas that still need substantial modification. The committee
strongly recommends that in that document:

1. ICANN replace the whole Guideline (3) by a simple requirement for the registries
to announce publicly which restriction level (as defined in UTR36) that they apply
in their domain registration.

2. ICANN change the whole Guideline (4) so that it is positively described as a whitelist,
and change the list of permissible codepoints in that whitelist to be the subset of the
output part of the IDN Security Profile (the security profiles for identifiers given in
UTS #39) allowed by the current IDNA specification.

(The current IDNA specification  supports only Unicode 3.2, but this should change in the
future; ICANN should also recommend to the IETF the revision of that specification to
include Unicode 5.0 characters).

3. ICANN change the whole Guideline (5) so that only the first sentence remains, and
rewrite that sentence to: "A registry will define an IDN registration in terms of both
its Nameprep-Normalized Unicode representation and its ACE representation".

4. ICANN drop the last paragraph starting "The current restriction of top-level labels
to the 26-letter..."

Mark Davis
Chief Globalization Architect, IBM
President, Unicode Consortium
Chair, Unicode Security Subcommittee, Unicode Consortium

Michel Suignard
Senior Program Manager, Microsoft Corp
Technical Director, Unicode Consortium
Vice-Chair, Unicode Security Subcommittee, Unicode Consortium