On Mon, Feb 04, 2002 at 11:09:34AM -0500, John C Klensin wrote: > --On Monday, 04 February, 2002 08:01 -0800 Mark Davis > > On the other hand, I think it would be quite useful--as I > > suggested some time ago--to add some text that strongly > > recommended that browsers and similar programs that display > > URLs indicate with some sort of visual mechanism where they > > contains mixed scripts, e.g. highlight those characters not in > > the script of the majority of the characters (with a different > > color or background). > > I believe that it would be a significant service to the > community --I would suggest that it is nearly necessary-- to > write strong "security considerations" sections for these > documents, or separate documents, that explicitly identify the > character and range of as many of these problems as are > well-understood. I think that incorporating suggestions like > Mark's into such explanations would be very helpful.
Dear John C Klensin and others, Even though I doubt whether peoples out there may take "security considerations" seriously enough to minimize problems, this is one of what we MUST do. I want to elaborate this idea a little bit. The security consideration section should cover at least three areas; * For IDNA implementers * For zone administrators (especially gTLD registries) * For end users Some may disagree with second and/or third area, we should never forget that all of those problems will arise from registration and use of domain name not from bad implementation. Regards -- /*------------------------------------------------ YangWoo Ko : [EMAIL PROTECTED] We Invent Enterprise Software Solutions and Make You Secure & Powerful. ------------------------------------------------*/
