[126223] in North American Network Operators' Group
Re: Internationalized domain names in the root
daemon@ATHENA.MIT.EDU (Neil Harris)
Sat May 8 08:29:48 2010
Date: Sat, 08 May 2010 13:29:10 +0100
From: Neil Harris <neil@tonal.clara.co.uk>
To: Zaid Ali <zaid@zaidali.com>
In-Reply-To: <C8087424.3009B%zaid@zaidali.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 06/05/10 21:27, Zaid Ali wrote:
> I agree Safari experience looks much nicer and yes whole host of potential
> malice to arise. Firefox shows punycode
>
> http://xn--4gbrim.xn----rmckbbajlc6dj7bxne2c.xn--wgbh1c/ar/default.aspx
>
> Now if I understood arabic only and was travelling or happen to use Firefox
> which showed punycode how would I trust it? If it was directly translated to
> latin characters I could trust it with verification from someone I know who
> understands english. I would not trust puny code because an end user does
> not know what it means, I think there is potential for a lot of issues here.
>
> Zaid
>
>
This is indeed a security issue, and the behaviour in Firefox is
currently that way by design.
To fix it, the .eg / .xn--4gbrim TLD registrar needs to contact the
Mozilla Foundation in order to inform the Foundation of their official
IDN name allocation policy, so that the native-script URL display can
then be switched on for their domain.
See https://bugzilla.mozilla.org/show_bug.cgi?id=564213 and
http://www.mozilla.org/projects/security/tld-idn-policy-list.html
-- Neil
