John C Klensin <[EMAIL PROTECTED]> wrote: > If we find a need to start banning characters that we could not agree > on banning the first time around, there is another approach, also > unpleasant but IMO less problematic, that could be considered. Just > as RFC 2822 moved past a lot of legacy nonsense by having two separate > "create" and "accept" syntaxes, we could define an additional profile, > say "NameRegisterPrep". It would look a lot like Nameprep but would > ban the characters you are now suggesting banning, plus, based on what > I think is growing experience in the registries, ban any character > that mapped to anything else. > > The lookup process would remain the same, with no changes to Nameprep > being made at all.
But browser implementers want to protect their users today against malicious names that may exist in the DNS today. I don't see how this proposal would help them do that. Browser implementors are comtemplating banning characters in IDNs the browser (that is, failing to look up names containing blacklisted characters), and I was trying to think of a less drastic, less blatantly nonconformant, but equally protective measure that could be taken in the browser. AMC
