[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] IDN security and ACE leakage

To: <idn@ops.ietf.org>
Subject: Re: [idn] IDN security and ACE leakage
From: "Soobok Lee" <lsb@postel.co.kr>
Date: Mon, 16 Jul 2001 14:05:41 +0900

I think ACE is convenient utf8-replacement to improve  universal
verifiability of  internet identifiers, since it can be restored to
 its utf8 (sometimes undisplayable or unrecognizable or
 undistinguishable) string and also provides ascii compatible 
(ugly but always verifiable ) labels while assuring backward 
compatiblities to existing DNS infrastructures.

We cannot enforce all the peoples in the world to learn every 
scripts/glyphs in unicode code charts. 
They are not all geniuses for languages.

I believe ACE will  be not deprecated and will remain forever as an
auxiliary common-denominator display format of internet 
identifiers as well as one of viable zone file formats and 
wire formats.  shorter ACE labels always benefit.

ACE is another "utf-8" for identifiers, not an inferior interim 
encoding. It deserves its overhead for improving  identifier  security.

Soobok Lee

----- Original Message -----
From: "Soobok Lee" <lsb@postel.co.kr>
To: <idn@ops.ietf.org>
Sent: Monday, July 16, 2001 10:26 AM
Subject: Re: [idn] IDN security and ACE leakage


>
> ----- Original Message -----
> From: "Martin Duerst" <duerst@w3.org>
> > >How can we distinguish  katakana 'ro-to.com' and hangul 'ma.com'
> > >if we haven't learn japanese and korean ?
> >
> > Well, the main point will be spacing. There are also other font
> > differences. But these are made for people who write katakana or
> > hangul, not for those that don't.
> >
> In most cases, the problems come from the similarities, not from spacing.
>
> katakana 'ka' and chinese letter 'power(U+529B)' look the same.
> Bengali numeral '4'  and latin '8' look the same.
>
> What if japanese or korean customers send us with their IDN-email
> addresses  and we don't know japanese and korean letters and their
> spacing semantics ?
>
> Still I cannot distinguish between Bengali numeral '4' and latin '8'.
>
> How can we prevent malicious attempts to
> forge similiarly-looking but different domains ?
>
>
>
> >
> > Regards,   Martin.
> >
>

Prev by Date: Re: [idn] UTF-8 as the long-term IDN solution
Next by Date: [idn] Should we add U+FF0E FULLWIDTH FULL STOP to section 5.10 of Nameprep?
Prev by thread: Re: [idn] IDN security and ACE leakage
Next by thread: Re: [idn] IDN security and ACE leakage
Index(es):
- Date
- Thread