[UA-discuss] Another difficulty to overcome ...

Andrew Sullivan ajs at anvilwalrusden.com
Tue Feb 20 18:23:42 UTC 2018

On Tue, Feb 20, 2018 at 10:40:31AM +0100, Chaals McCathie Nevile wrote:
> People who more naturally read a non-latin script - the primary
> market for non-latin script - are generally more able to read that
> accurately and less able to spot oddities in latin script or another
> script they don't read.

This is only partly relevant, because even an ASCII label can cause
trouble.  If you doubt this, and you use an Apple product, I suggest
that you try to transcribe a string in the default font in either iOS
or OSX (Keychain Access) where the string contains exactly one of
capital I, lower-case L, capital O, or the digit zero.  There are
certainly similar cases with composed Latin characters, and there are
several well-worked-over examples in Arabic script -- the latter where
characters that are all but guaranteed to use the same glyph are
nevertheless different characters.

> It is about ensuring that people can effectively notice whether
> something is a meaningful URL they were looking for, or a corrupted
> version. It is easier for most people in their own script than
> noticing a corrupted version of a punycode string.

The basic problem here is that domain names were a _lousy_ basis on
which to build security policies, but we did it.  (That sort of thing
happens all the time.  The automobile was a lousy basis around which
to do social planning, but every North American city of any size shows
that we did that, too.  We shape our tools and thereafter they shape

Best regards,

Andrew Sullivan
ajs at anvilwalrusden.com

More information about the UA-discuss mailing list