
Re: [idn] nameprep failures




Dan Oscarsson wrote:
> Adam M. Costello wrote:
> >> If I see WWW.AOL.COM, where the A is actually a capital Alpha, then
> >> I'm sure I'll type it incorrectly.  So why doesn't nameprep prohibit
> >> Alpha?
> >
> >[Nitpick:  I wouldn't say you typed it incorrectly, I'd say you read it
> >incorrectly, then typed exactly what you intended to type.]
> 
> Actually the A used in English has the same origin as the Greek Alpha.
> So you could very well see them as the same letter. The difference is
> that when using Greek you use a different glyph for the lower case
> form. I am sure there are many names in Greek or using Cyrillic letters
> that will use only glyphs that are exactly the same as in "Latin" making
> it impossible to from a printed paper identify what alphabet they belong
> to.
> 
> So there is sure to be problems unless matching glyphs are matched
> as equivalent.

This is only a problem if someone is actually allowed to register
www.<alpha>ol.com. Even then, no-one will actually type "WWW.<Alpha>OL.COM"
by accident. So the only issue is that someone might put that in an
email or news article, say, in an attempt to mislead users who expect it
to point to AOL. Attacks that achieve the same effect are possible with
the current DNS (e.g. by sending an HTML e-mail but making it look like
text), and the sky isn't falling in because they are possible.

Nameprep may be able to catch some cases of ambiguous glyphs, but no
matter how much nameprep is tweaked, it will still be necessary for a
human employee of the relevant registrar to vet applications, to check
that names do not *look* (in any case permutation) as though they would
belong to some other entity not associated with the applicant.

-- 
David Hopwood <david.hopwood@zetnet.co.uk>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip


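An added illustration, not part of the original message or of nameprep: a pre-screen a registrar could run before human vetting, flagging a requested label that can be read as a protected Latin name in some case permutation. The two lookalike tables are small constructed samples, not the Unicode confusables data, and the function names are hypothetical.

```python
import unicodedata

# Constructed sample tables (assumption): non-Latin letters whose usual glyph
# matches a Latin letter of the same case. Real vetting needs far more entries.
UPPER_LOOKALIKES = {
    "\u0391": "A",  # GREEK CAPITAL LETTER ALPHA
    "\u0392": "B",  # GREEK CAPITAL LETTER BETA
    "\u039F": "O",  # GREEK CAPITAL LETTER OMICRON
    "\u0410": "A",  # CYRILLIC CAPITAL LETTER A
    "\u0421": "C",  # CYRILLIC CAPITAL LETTER ES
    "\u041E": "O",  # CYRILLIC CAPITAL LETTER O
}
LOWER_LOOKALIKES = {
    "\u03BF": "o",  # GREEK SMALL LETTER OMICRON
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u043E": "o",  # CYRILLIC SMALL LETTER O
}

def latin_readings(ch):
    """Latin letters (lower-cased) that ch can pass for, shown in either case."""
    readings = set()
    for form, table in ((ch.upper(), UPPER_LOOKALIKES),
                        (ch.lower(), LOWER_LOOKALIKES)):
        if form.isascii():
            readings.add(form.lower())          # already Latin, digit or hyphen
        elif form in table:
            readings.add(table[form].lower())   # shares a glyph with Latin
    return readings

def can_be_read_as(label, target):
    """True if each character of label has a case form that looks like target's."""
    label = unicodedata.normalize("NFKC", label)
    target = target.lower()
    if len(label) != len(target):
        return False
    return all(t in latin_readings(c) for c, t in zip(label, target))

def flag_for_review(label, protected):
    """Protected names that a single requested label could be mistaken for."""
    return [p for p in protected
            if label.lower() != p.lower() and can_be_read_as(label, p)]

if __name__ == "__main__":
    # Lower-case Greek alpha does not resemble "a", but its capital does.
    print(flag_for_review("\u03b1ol", ["aol", "example"]))
```

A label made of Greek small alpha followed by "ol" is flagged only because the upper-case form is checked as well, which is the case-permutation point made in the message.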