Re: [idn] nameprep2 and the slash homograph issue

[Erik van der Poel <erik@vanderpoel.org>]

Adam,

The IETF generally only specifies the "wire" protocol, not UI behavior. 
The IETF does not specify how apps interface with users; it only 
specifies how apps interface with other apps, over the wire. Note that 
this does not even include APIs in many cases.

However, it *would* be very wise to *warn* implementors about any 
dangerous homographs in the new RFC (if we decide not to ban them outright).

Erik

Adam M. Costello wrote:
> But browser implementers want to protect their users today against
> malicious names that may exist in the DNS today.  I don't see how
> this proposal would help them do that.  Browser implementors are
> comtemplating banning characters in IDNs the browser (that is, failing
> to look up names containing blacklisted characters), and I was trying
> to think of a less drastic, less blatantly nonconformant, but equally
> protective measure that could be taken in the browser.