[idn] how to solve idn security problem : Re: Morning Humor .....

["Soobok Lee" <lsb@postel.co.kr>]

I know that NAMEPREP is not designed for eliminating ambiguities.
Only for making ease to type in intended IDN hostname conveniently.

OTOW, katakana 'ka' and chinese letter 'power(U+529B)' look the same.
When we(IETF participants) try to normalize them in either direction,
there may be conflict of interests between  Japan and China.
It's not wise for IETF to trigger a war between the two countries!
I had never believed it will be possible.

Likewise, normalizing  minorities' scripts in IDN into others is also
almost impossible. Your humor proved that just now.

Conclusion:
We will live with  plenty of IDN security holes forever and
IDN security relies on zone/mail administrators' faithfullness to
IDN security guidelines by IETF.

The guidelines for registries should not allow Capital 'A'-like letters
in the registered host name in authoriative dns servers in order to
secure IDN from ambiguities.
Now we came to the starting point again. Then, let's each TLD
registry to make its own guideline for strict normalizations.
And then we IETFers are free and no more responsible
for any conflicts of ethnical interests and IDN security breaches.

Read between the lines. What i want to say:
IDN security problem should be addressed in either NAMEPREP or  guidelines
if we regard it as severe one and we believe it is our duty to solve
the problem.

Soobok



----- Original Message -----
From: "Eric Brunner-Williams in Portland Maine" <brunner@nic-naa.net>
To: <triballaw@thecity.sfsu.edu>
Cc: <idn@ops.ietf.org>
Sent: Thursday, July 26, 2001 11:26 PM
Subject: [idn] Morning humor, Korean IETF participant proposes "no Cherokee"
rule


> Oki all,
>
> Background: A technical body [1] is working on allowing languages other than
> English to be used for domain names found in Web names and email addresses.
> The goal is to prevent "looks like" confusion, such as "dot-like" characters
> found in several scripts. The beneficiaries of this goal are trademark owners
> using the Net. The non-beneficiaries are cybersquatters ... and some NDNs,
neh?
>
> The acronymn "IDN" that appears in the original note (attached below) means
> "internationalized domain name", not some off-shore variation of "NDN" ;-)
>
> The "morning humor" for all triballaw subscribers, not to mention the odd
> CNO, UKB, and ECN enrollees and unenrolled Tsalagi both on this list and in
> the frequent-forwarding paths, is assume the body [2] adopting the proposed
> rule is a California 501(c)(3) acting as the technical coordination body for
> the Internet, under contract to the US DoC.
>
> What potential lines of attack may be considered by the FIL practitioner?
>
> Does it matter if "consultation" has never taken place?
>
> Generalizing, several NDN langauges other than Tsalagi use roman and non-roman
> characters, e.g., Abenaki and several other Eastern Algonquin languages use
> an "u-above-o" character for the "w" sound, reflecting the absence of the "w"
> character in 17th century French. This character is usually written as the
> numeral eight ("8"), but now, like the Tsalagi syllabary characters, is in
> an international standard. The "no confusion" principle would prevent these
> characters from being used in Web names and email addresses. Repeat for the
> sets of Roman look-alike characters used when writing <insert your language
> here>.
>
> The extension of this rule to scripts not yet in this international character
> standard would be to require the use of characters from the European "block",
> and any remaining non-European characters from a distinct "block", rather than
> creating a seperate block for all characters for any particular language.
>
> This makes collation (sorting and searching) very difficult to implement.
> The authors of the standard referenced (Unicode) are printer manufacturers,
> who are both indifferent to anything other than putting ink on paper, and
> don't do a lot of sales in Indian Country.
>
> The second bit of "morning humor" is that the standard for Tsalagi used a
> mid-19th century source, and the "correctness" of this source was confirmed
> by a non-literate Swimmer-regime CNO official.
>
> For extra credit, the Triballaw subscribers may comment on the legal issues
> posed by non-governmental bodies normatively defining living languages. The
> government of the People's Republic of China isn't amused by the same group's
> treatment of Chinese.
>
> Humorous replies to me, forward responsibly, and try not to comment on the
> visual similarity of Koreans.
>
> Kitakitamatsinopowaw,
> Eric
>
> [1] IDN Working Group of the Internet Engineering Task Force aka "IETF"
> [2] Internet Corporation for Assigned Names and Numbers, aka "ICANN"
>
> P.S. It is interesting that the Omniglot source doesn't have the usual
> borrowed-from-Europeans origin story. They also manage to cite Cree oral
> history for Cree syllabics, though they give more prominance to James
> Evans. Their Cree page is worth a detour!
> http://www.omniglot.com/writing/cree.htm
>
>
> ------- Forwarded Message
>
> Message-ID: <00c501c11584$8cca2950$ec1bd9d2@temp>
> From: "Soobok Lee" <lsb@postel.co.kr>
> To: <idn@ops.ietf.org>
> Subject: [idn] Cherokee letters look like uppercase Latin letters
> Date: Thu, 26 Jul 2001 12:39:18 +0900
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="ks_c_5601-1987"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2462.0000
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
> Sender: owner-idn@ops.ietf.org
> Precedence: bulk
>
> If you look into http://www.unicode.org/charts/PDF/U13A0.pdf,
> You can find most of the Cherokee letters look identical to Latin Uppercase
> letters.
>
> Do we need to allow Cherokee letters in IDN?
>
> Soobok Lee
> - ----------------------------------------------------------------------------
>
> http://www.omniglot.com/writing/cherokee.htm
>
> Origin
> The Cherokee syllabary, reputedly invented by Chief Sequoyah of the Cherokee,
> was introduced in 1819. Sequoyah's descendants claim that he was the last
> surviving member of his tribe's scribe clan and the Cherokee syllabary was
> invented by persons unknown at a much earlier date.
> By 1820, thousands of Cherokees had learnt the syllabary, and by 1830, 90%
were
> literate in their own language. Books, religious texts, almanacs and
newspapers
> were all published using the syllabary, which was widely used for over 100
> years.
> The syllabary is still used, but only by a fairly small number of people.
> Efforts, such the Carnegie Cherokee Project, are being made to revive both the
> Cherokee language and the Cherokee syllabary.
> Used to write:
> Cherokee (Tsalagi), a Southern Iroquoian language spoken by around 22,500
people
> in North Carolina and Oklahoma.
>
>
>
> ------- End of Forwarded Message
>
>