Re: Feedback Requested: Unicode Security Considerations

From: Mark Davis (
Date: Fri Jul 01 2005 - 16:47:15 CDT

  • Next message: Werner LEMBERG: "greek character name"

    Thanks for your comments, Michael. There are a few things to remember here.
    First, according to the recommendations, when characters are restricted it
    doesn't mean that you can't use them; it means that you either have to use a
    looser restriction level, or you would get a one-time alert. It is not
    simply a list of characters; reading the lists in isolation from the text
    would not provide enough information to see how they are to be used. You may
    also be looking at older versions: see

    Second, and most importantly, the data and recommendations are not by any
    means set in stone. This is the initial version, and we expect it to be
    refined over time, in consultation with other groups -- particularly the
    IETF. You have plenty of opportunity to provide feedback for future
    versions. Best is, of course, to get your feedback in early in the cycle ;-)


    ----- Original Message -----
    From: "Michael Everson" <>
    To: "UnicoRe Discussion" <>
    Cc: "Unicode Discussion" <>
    Sent: Friday, July 01, 2005 11:01
    Subject: Re: Feedback Requested: Unicode Security Considerations

    > I have sent in the following feedback:
    > Much in the draft TR 36 is very good, in terms of explanation of the
    > problem and so on. But I STRONGLY urge caution in the publication of
    > permitted and unpermitted characters. There is not consensus between
    > UTC and IETF and ICANN on what the shape of IDN should be. I am NOT
    > saying that it will take an eternity to achieve such consensus, but I
    > AM saying that it isn't there yet. In a fortnight in Luxembourg ICANN
    > is having a meeting where a large number of players in this arena
    > will be meeting. I urge the UTC not to publish a definitive UTR on
    > this topic until consensus is achieved.
    > A specific fault in UTR 36 is that it is just a list of characters.
    > For IDN to work, language-specific lists need to be coordinated with
    > such a list of characters. This suggests that proper linguistic
    > expertise may not have been applied in the drafting of the tables.
    > For instance, such lists exist for European languages. Such lists do
    > not exist for many African languages.
    > A specific fault in
    > is that it
    > uses unexplained notations. What is "output"? What is
    > "input-lenient"? Why are these terms used? What is "XID+"?
    > also STILL
    > does not load characters in Safari.
    > Please, UTC, do not rush this. More haste less speed. The parties
    > concerned with this matter include players other than the companies
    > that make up the UTC. Without broader consensus, the UTR may not be
    > accepted. But I agree that it is a good place to make the
    > specification.
    > --
    > Michael Everson * * Everson Typography * *

    This archive was generated by hypermail 2.1.5 : Fri Jul 01 2005 - 16:48:44 CDT