Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Sunday March 11 2018, @10:39AM   Printer-friendly
from the söylêntnéws.org dept.

Brian Krebs writes on how browsers choose to display IDN. The issue here is of course spoofing valid URLs with visually similar letters. You probably would notice the lame attempt in the department line but some of the international characters are very similar or indeed identical. Depending on your personal preferences it might be a good idea to use punycode instead. Could save you a headache later.

https://krebsonsecurity.com/2018/03/look-alike-domains-and-visual-confusion/

Here are some of the applicable RFCs:

  • RFC 3490 - Internationalizing Domain Names in Applications (IDNA)
  • RFC 3491 - Nameprep: A Stringprep Profile for Internationalized Domain Names (IDN)
  • RFC 3492 - Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA)
  • RFC 3986 - Uniform Resource Identifier (URI): Generic Syntax
  • RFC 4690 - Review and Recommendations for Internationalized Domain Names (IDNs)
  • RFC 5890 - Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework
  • RFC 5891 - Internationalized Domain Names in Applications (IDNA): Protocol
  • RFC 5892 - The Unicode Code Points and Internationalized Domain Names for Applications (IDNA)
  • RFC 5893 - Right-to-Left Scripts for Internationalized Domain Names for Applications (IDNA)
  • RFC 5894 - Internationalized Domain Names for Applications (IDNA): Background, Explanation, and Rationale

Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Sunday March 11 2018, @11:19PM (1 child)

    by Anonymous Coward on Sunday March 11 2018, @11:19PM (#651110)

    Make it keyboard-dependant (as tfa hints at).
    If the url could be typed without using the compose key on the current keyboard, display as characters. Otherwise, display as punycode.

  • (Score: 2) by requerdanos on Monday March 12 2018, @03:06PM

    by requerdanos (5997) Subscriber Badge on Monday March 12 2018, @03:06PM (#651355) Journal

    Make it keyboard-dependant (as tfa hints at).... "the current keyboard"...

    I have two keyboards connected, one US layout (It's a Microsoft Natural keyboard, the only Microsoft product that I am fond of), one Russian. All the time.

    Your solution makes no sense. Even if we say "the current keyboard layout" instead of "the keyboard", typists generally only change layouts in preparation for typing something, not reading something, not for following a link. Most web browsing doesn't use keyboard input.

    On a deeper level, there is no way to define "THE language" someone speaks, because people speak/read many languages to a certain degree. Even most Americans can pick out a handful of foreign words, which by definition is "reading another language."

    In the same way, it's very poor engineering indeed to design an information system that assumes "the keyboard" or "the monitor" or "the mouse" or "the printer" for the simple reason that any given system may have zero or more of those things. In past decades, these lessons were learned and applied, and now all your major operating systems properly allow for more than one of each with no special hoops to jump through. Deliberately un-learning such a lesson doesn't seem like progress.

    My system I'm typing on right now has the two (very different) keyboards, three monitors, a three-button mouse, a five-button mouse, and a Wacom pad also providing mouse input. The machines to its immediate right and left are headless no-keyboard no-mouse machines that I use via ssh. All of them use the same two laser printers, one color, one black and white.