<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: IDN pose a security risk ? (was Re: [ga] The Real World)
For those who believe that "Unicode[1] is a security risk" or that "Unicode
focus on printer"[2], please take a look at the presentation by Mark Davis
(president of the Unicode Consortium) titled "Unicode Myths"
See: http://www.macchiato.com/slides/UnicodeMyths.pdf
Solutions to world hungry/peace is intentionally left out of the slides and
left it as an excerise for the reader.
-James Seng
[1] substitute Unicode with I18N/IDN/L10N/ISO10646/..etc..
[2] variation of this include "Unicode is designed for printer purpose" etc
owner-ga@dnso.org wrote:
>
>
>
> Thanks Alex for posting it.
>
> The article title is:
> URLs in Urdu?
> INTERNATIONAL DOMAIN NAMES POSE A NEW SECURITY RISK
> BY WENDY M. GROSSMAN
>
> The author of article writes:
> On a technical level, homograph URLs are not confusing.
> International domain names depend on Unicode, a standard that
> provides numeric codes for every letter in all scripts worldwide.
>
> As far as I understand, it is not true at least in CJK group
> (Chinese-Japanese-Korean), which is not alphabet based,
> and where Unified Han conflicts with versions of Chinese scripts.
> The Unified Han and Unicode system are tied together,
> the beginning of Unicode focus on printers, to answer printer's
> industry needs.
>
> Today the CJK community is working together on Unicode usage for IDNs.
>
> More in my briefing paper to the NC IDN TF at:
> http://www.dnso.org/clubpublic/nc-idn/Arc00/msg00063.html
>
> We may add to Latin-Cyrillic confusion quoted in the article
> that Unicode tables, designed initially for printers, have
> also problems even within Latin area. For example the Slavic
> languages code points include characters with double consons,
> like "dz" "cz" .. etc, If you use the basic ASCII for
> say "dz", you will encode two letters as we see it. But there
> is also another mean to have exactly the same "dz" printed the same
> way, is exist in "Latin Extended B".
> There is no means to distinguish the both in printing, therefore
> in URL.
> I was told by Slavic language linguist that double consons
> have been added in Unicode few years ago to prevent the split
> of words in inadequate place.
>
> Elisabeth Porteneuve
> --
>
> > Date: Thu, 23 May 2002 09:57:41 +0200
> > To: "ga@DNSO.org" <ga@dnso.org>
> > From: Alexander Svensson <alexander@svensson.de>
> > Subject: Re: [ga] The Real World
> >
> >
> > At 22.05.2002 17:15, William S. Lovell wrote:
> > >"Need to Know: ICANN CAN'T," Scientific American,
> > >June 2002, p. 21.
> >
> > Thanks for forwarding this!
> > The "ICANN CAN'T" box accompanies a longer article
> > about IDNS security risks.
> > (http://www.sciam.com/2002/0602issue/0602scicit5.html)
> >
> > Lauren Weinstein from PFIR says that a regulatory
> > approach will be necessary to prohibit confusing names
> > (e.g. homograph names, like microsoft.com incorporating
> > Cyrillic "c" and "o") based on the UDRP. "But it will
> > require proactive policing on the part of the registrars,
> > such as VeriSign, something they have typically resisted."
> >
> > Best regards,
> > /// Alexander
> >
> > --
> >
> --
> This message was passed to you via the ga@dnso.org list.
> Send mail to majordomo@dnso.org to unsubscribe
> ("unsubscribe ga" in the body of the message).
> Archives at http://www.dnso.org/archives.html
>
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|