
SoylentNews is people

posted by martyb on Sunday March 11 2018, @10:39AM
from the söylêntnéws.org dept.

Brian Krebs writes on how browsers choose to display IDN. The issue here is of course spoofing valid URLs with visually similar letters. You probably would notice the lame attempt in the department line but some of the international characters are very similar or indeed identical. Depending on your personal preferences it might be a good idea to use punycode instead. Could save you a headache later.

https://krebsonsecurity.com/2018/03/look-alike-domains-and-visual-confusion/

Here are some of the applicable RFCs:

  • RFC 3490 - Internationalizing Domain Names in Applications (IDNA)
  • RFC 3491 - Nameprep: A Stringprep Profile for Internationalized Domain Names (IDN)
  • RFC 3492 - Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA)
  • RFC 3986 - Uniform Resource Identifier (URI): Generic Syntax
  • RFC 4690 - Review and Recommendations for Internationalized Domain Names (IDNs)
  • RFC 5890 - Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework
  • RFC 5891 - Internationalized Domain Names in Applications (IDNA): Protocol
  • RFC 5892 - The Unicode Code Points and Internationalized Domain Names for Applications (IDNA)
  • RFC 5893 - Right-to-Left Scripts for Internationalized Domain Names for Applications (IDNA)
  • RFC 5894 - Internationalized Domain Names for Applications (IDNA): Background, Explanation, and Rationale

Original Submission
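As an added illustration of the summary's suggestion to look at punycode (this is not code from the submission or from Krebs's article): the sketch below converts hostnames to their ASCII form with Python's built-in `idna` codec, which implements the IDNA 2003 RFCs listed above (3490/3491/3492), and flags labels that mix scripts. The sample hostnames are constructed, and the script test (first word of each character's Unicode name) is a simplifying assumption, not the policy any browser applies.

```python
import unicodedata

# Constructed sample inputs; escapes make the code points explicit.
DEPT_LINE_HOST = "s\u00f6yl\u00eantn\u00e9ws.org"  # spelling used in the dept. line
LOOKALIKE_HOST = "ex\u0430mple.com"                # U+0430 CYRILLIC SMALL LETTER A
PLAIN_HOST = "example.org"


def to_punycode(host):
    """Return the ASCII (xn--) form of a hostname via the stdlib 'idna' codec."""
    return host.encode("idna").decode("ascii")


def label_scripts(label):
    """Approximate the scripts used in one label.

    Heuristic (assumption): the first word of a letter's Unicode name,
    e.g. 'LATIN', 'CYRILLIC', 'GREEK'. Digits and hyphens are ignored.
    """
    return {
        unicodedata.name(ch, "UNKNOWN").split()[0]
        for ch in label
        if ch.isalpha()
    }


def inspect_host(host):
    """Summarise what a reader should see instead of the rendered Unicode form."""
    labels = host.split(".")
    return {
        "punycode": to_punycode(host),
        "non_ascii": any(ord(ch) > 127 for ch in host),
        # Labels drawing letters from more than one script are the
        # classic look-alike pattern.
        "mixed_script_labels": [l for l in labels if len(label_scripts(l)) > 1],
    }


if __name__ == "__main__":
    for h in (PLAIN_HOST, DEPT_LINE_HOST, LOOKALIKE_HOST):
        print(repr(h), inspect_host(h))
```

The department-line hostname is all Latin, so only the punycode form exposes it; the second sample is caught by the mixed-script check as well.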

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Interesting) by HiThere on Sunday March 11 2018, @07:52PM (5 children)

    by HiThere (866) Subscriber Badge on Sunday March 11 2018, @07:52PM (#651034) Journal

    I think his, poorly stated, point was that URLs should only contain ASCII-7 characters. I'm not, however, certain. If I'm correct as to what he meant, then there are valid arguments in favor of it. E.g., it not only avoids ambiguities, it allows significant URL compression when compared to the alternatives. And ambiguous URLs are dangerous.

    That said, an alternative that answers some of the objections would be to specify a font in which there were no ambiguous URLs to be used for the display of URLs. Unfortunately, the only ones I've encountered do something like display a numeric code for many valid URL codes. Also that would negate the possibility of compression, though admittedly URLs are generally short enough that this wouldn't be very significant in most circumstances. But if you knew that the codes were ASCII-7 alphanumerics you could use a byte for each character, with one bit for parity. And there would be several unused characters that could be used for control codes. This gives almost-optimal compression.

    So there is a clear case of the requirement that URLs should contain only ASCII-7 characters, and mainly alphanumerics. And there are arguments against allowing a fuller Unicode implementation, as that would, at minimum, mean you could no longer specify parity. And it also provides techniques to allow spoofing.

    N.B.: This is not a claim that there is not a valid counter-argument, but rather that I haven't encountered one that impressed me.

    --
    Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
  • (Score: 2) by FatPhil on Monday March 12 2018, @09:16AM (4 children)

    by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Monday March 12 2018, @09:16AM (#651262) Homepage
    URLs are a related issue, DNS was the matter in hand, but in general my opinions are similar.
    The internet was internetting first, if the rest of the world wants to play, it should adapt to the internet, not have the internet adapt to it.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    • (Score: 2) by massa on Monday March 12 2018, @07:28PM (3 children)

      by massa (5547) on Monday March 12 2018, @07:28PM (#651484)

      You do realize the "rest of the world" internet is far bigger than the USofA internet, don't you?

      • (Score: 2) by FatPhil on Tuesday March 13 2018, @07:37AM (2 children)

        by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Tuesday March 13 2018, @07:37AM (#651718) Homepage
        Since when has "more populous" meant "better"?

        As I said initially - let them invent their own internet.
        --
        Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
        • (Score: 2) by massa on Tuesday March 20 2018, @02:21PM (1 child)

          by massa (5547) on Tuesday March 20 2018, @02:21PM (#655391)

          We did. And we even let you USofAns in :-)

          • (Score: 2) by FatPhil on Tuesday March 20 2018, @04:34PM

            by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Tuesday March 20 2018, @04:34PM (#655465) Homepage
            Don't taint me with that association. I'll welcome with open arms any USian who wants to get the fuck out of the shithole they were cursed to be born in, but apart from that, the US can disappear up its own septic arsehole for all I care.

            You see there's no hypocrisy in my statement - I happily promote the American Standard Code for Information Interchange as being what the internet was built around despite not being American.
            --
            Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves