Dave Crocker <dhc(_at_)dcrocker(_dot_)net> writes:
the architecture of IDN defined in the above three documents
does not solve the traditional and simplified Chinese character
variant problem: it's a half-baked solution for Chinese users.
It has never been a goal of IDN to create equivalence between
different character sets.
This means IDN is not guaranteed to be secure on non-Unicode systems.
There are alot of non-Unicode systems out there today...
That will cause serious delegation problem in the application
of Chinese Domain Name.
The problem of equivalence between different character sets exists
more broadly, so that the IDN situation is merely an example of a
larger problem. That problem needs to be solved for the general case.
IDN chose Unicode, so that IDN was not required to invent basic
technology for representing different character sets.
Similarly, IDN should not invent solutions for equivalence between
different character sets.
When standards bodies for character sets define such equivalences, and
when those equivalences gain popularity, it might be appropriate for
the IDN effort to consider incorporating these new standards.
This isn't an adequate solution IMHO, when the consequences of errors
made by such standard bodies, or conflicts between different standard
bodies, or different interpretations of said standards, or changes
between different versions of those standards, or simply a complete
lack of standardisation in the area (which is the situation today),
may be exploitable for attacking systems on the Internet.
(The details of how to attack systems based on charset equivalence
mapping tables differences, or changes in Unicode decomposition
tables, has been discussed recently on the IDN list.)