At 1:38 PM +0200 8/30/08, Per Jessen wrote:
> Interesting - I copy-pasted the Rx symbol (from your webpage) into FF
> and appended .com - and FF converted the URL symbol to "xn--u2g.com".
> I guess FF only works with a limited subset of the many possible special
> characters.

What is happening there is FF and other browsers are afraid of
homographic attacks.

A homographic attack is simply where the URL in the browser *looks*
like another, but is not.

For example, early on in this "How do we solve the 7-bit problem?"
with the net, it was brought up that there are many code points in
the Unicode database that look exactly the same as others.

One individual (I can't remember his name at the moment) took the
liberty of registering a domain name (i.e., PayPal.com) that uses an
"a" from a different charset than English.

While there was no intent to defraud anyone, PayPal wasn't amused and
legislation followed -- the specifics of which I have no information.
But the entire process demonstrated that evil-doers could register
domains that look like other domains and thus fool people.

What some browser developers did was to NOT make the conversion from
PUNYCODE to the correct code-points but rather show the PUNYCODE
"as-is", which was never the intent of the IDNS WG. This act defeated
the entire process of allowing non-English people to have non-English
domain names. This is like throwing the baby out with the bath water.

I claim that the process can be solved differently and more
effectively. All browser developers have to do is to evaluate the
PUNYCODE string and if it's made up from a collection of different
charsets, then just color it.

I think making the URL RED would be a better warning than showing
PUNYCODE -- but that's my opinion.

Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
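
The check proposed in the message above (decode the Punycode label and flag it when its letters come from more than one script), written out as an added example that is not part of the original post and is not any browser's code. The function names and sample hostnames are constructed for illustration, and the script of a character is approximated from its Unicode name.

```python
import unicodedata

ACE_PREFIX = "xn--"  # marks a Punycode-encoded (IDN) label

def decode_label(label):
    """Return the Unicode form of one DNS label."""
    label = label.lower()
    if label.startswith(ACE_PREFIX):
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    return label

def label_scripts(label):
    """Set of scripts used by the letters of a label.

    Assumption: the script is approximated by the first word of the
    Unicode character name (LATIN, CYRILLIC, GREEK, ...), because the
    standard library does not expose the Unicode Script property.
    """
    scripts = set()
    for ch in decode_label(label):
        if unicodedata.category(ch).startswith("L"):  # skip digits and '-'
            scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts

def review_hostname(hostname):
    """Return (unicode_form, warn); warn is True if any label mixes scripts."""
    labels = hostname.rstrip(".").split(".")
    decoded = ".".join(decode_label(l) for l in labels)
    warn = any(len(label_scripts(l)) > 1 for l in labels)
    return decoded, warn

def ace(label):
    """Build a constructed ACE label for the samples below."""
    return ACE_PREFIX + label.encode("punycode").decode("ascii")

# Constructed samples: Latin only, Latin with one Cyrillic letter, Cyrillic only.
SAMPLES = [
    "paypal.com",
    ace("p\u0430ypal") + ".com",
    ace("\u043f\u0440\u0438\u043c\u0435\u0440") + ".com",
]

if __name__ == "__main__":
    for host in SAMPLES:
        shown, warn = review_hostname(host)
        print(f"{host:28} -> {shown:14} {'RED (mixed scripts)' if warn else 'normal'}")
```

A label written entirely in one non-Latin script passes this check, so it covers only the mixed-charset case the message describes.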