On 2010/07/30 5:00, CE Whitehead wrote:
Hi. Regarding your proposal, for IDN's, I have a security concern: In the list of unicode allowed characters, the Eastern set of numbers seems to be allowed;(http://unicode.org/reports/tr36/idn-chars.html) Saudi Arabia has got the other set in its allowed list (http://www.iana.org/domains/idn-tables/tables/sa_ar_1.0.html) so I gather both are allowed in IDN's.
Yes indeed.
You would then have mixed scripts in IDN's for Arab with either Arbx alone or Arbs (if those are the names chosen). You do not want to display a mixed script warning for that. (That would be tantamount to my security event viewer's displaying a login failure in addition to a login success everytime I login successfully; you start to ignore the failure messages.) (I cannot find these digits in the normalization charts. Sorry. I suppose however that they do not normalize to one another because that would destroy sequential processing of them -- which is what Karl is looking for -- although sequential processing does not apply to idn's; too bad they cannot just be normalized in idn's, that there cannot be a different standard for idn's . . . would that be an option? That's kind of a wild idea too.)
Yes, they indeed don't normalize. They were discussed at length on the IDN list. Each registry can decide what works best for them (e.g. Saudi Arabia only allows the Arabic digits, Iran only allows the Eastern Arabic digits (in both cases, this may be in addition to 0-9), or some registry may allow both sequences and either reserve a name using the other sequence than a registration, or register both in parallel (bundle). It is because of these various options that the IDN specs don't make a final decision here.
Regards, Martin. -- #-# Martin J. Dürst, Professor, Aoyama Gakuin University #-# http://www.sw.it.aoyama.ac.jp mailto:[email protected]
