OASIS Mailing List Archives

xri message


Subject: Potential revised text for Syntax UCS spoofing sections


This email is for discussion on today's call. It describes alternate text to
address Syntax Issue #8 (XRI/IRI Authority Spoofing) from
http://wiki.oasis-open.org/xri/Xri2Cd02/SyntaxChanges. 

A) CURRENT TEXT IN SYNTAX WORKING DRAFT 09B

Finally, although they are not excluded characters, special care should be
taken by user agents with regard to the display of UCS characters that are
visual look-alikes (homographs) for XRI delimiters (all characters in the
xri-reserved production, section 2.1.2). User agents SHOULD NOT display any
homograph of any XRI delimiter character in unencoded form. User agents can
comply with this guidance for the most part by not displaying UCS
punctuation or symbol characters in unencoded form. However there are still
a small number of non-punctuation UCS characters that may be used as
homographs for certain XRI delimiters; user agents SHOULD NOT display these
characters in unencoded form if a user might interpret them as an XRI
delimiter. See section 3.2, "Spoofing and Homographic Attacks", for
additional information.

B) PROPOSED NEW TEXT 

This is based on a suggestion from Nat on last night's TC call:

Finally, although they are not excluded characters, special care should be
taken by user agents with regard to the display of UCS characters that are
visual look-alikes (homographs) for XRI delimiters (all characters in the
xri-reserved production, section 2.1.2). To prevent spoofing or
misinterpretation of these characters, user agents either: a) SHOULD
visually distinguish the defined XRI delimiter characters using special
color, size, font, or other mechanism that enables users to clearly
understand when a legitimate XRI delimiter character is being displayed,
and/or b) SHOULD NOT display any homograph of any XRI delimiter character in
unencoded form. See section 3.2, "Spoofing and Homographic Attacks", for
additional information.
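
Added example, not part of the original message or of the XRI draft: one way a user agent could apply both options in the proposed text, tagging real delimiters so a renderer can style them (a) and percent-encoding look-alikes before display (b). The delimiter set, the short look-alike list, the function names and the sample input are assumptions made for illustration.

```python
import unicodedata

# Assumption: illustrative delimiter set. The normative list is the
# xri-reserved production (section 2.1.2 of the draft), not shown here.
XRI_DELIMS = set(":/?#[]()*!=@+$&;,'")
# Assumption: constructed sample of non-punctuation look-alikes
# (U+02D0 resembles ":", U+01C3 resembles "!"); a real list is longer.
EXTRA_HOMOGRAPHS = {"\u02d0", "\u01c3"}
# Constructed input: U+2215 DIVISION SLASH standing in for "/".
SAMPLE = "xri://@example\u2215path"


def pct(ch):
    """Percent-encode one character as its UTF-8 bytes."""
    return "".join("%{:02X}".format(b) for b in ch.encode("utf-8"))


def is_suspect(ch):
    """True if a non-ASCII character should not be shown unencoded."""
    if ord(ch) < 0x80:
        return False
    if unicodedata.category(ch)[0] in "PS":  # UCS punctuation or symbol
        return True
    if ch in EXTRA_HOMOGRAPHS:
        return True
    # Compatibility forms that expand to a delimiter, e.g. U+2474 -> "(1)".
    return any(c in XRI_DELIMS for c in unicodedata.normalize("NFKC", ch))


def segments(xri):
    """Split into (kind, text) runs: 'delim', 'encoded' or 'text'."""
    out = []
    for ch in xri:
        if ch in XRI_DELIMS:
            kind, text = "delim", ch  # option (a): renderer styles these
        elif is_suspect(ch):
            kind, text = "encoded", pct(ch)  # option (b)
        else:
            kind, text = "text", ch
        if out and out[-1][0] == kind and kind != "delim":
            out[-1] = (kind, out[-1][1] + text)
        else:
            out.append((kind, text))
    return out


def display_form(xri):
    return "".join(text for _, text in segments(xri))
```

Ordinary non-ASCII letters pass through unchanged, so internationalized identifiers stay readable while only delimiter look-alikes are shown in encoded form.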
