<sigh> Kieren McCarthy, whose work I normally appreciate, has sounded off on the IDN issue in The Register without doing any research. The following is the letter I sent him, which I’m reproducing here in case anyone else is under any of the same misapprehensions.
FWIW, the three documents his article mentions, which were released by the registrar community, are also ill-informed in thinking we’ve disabled IDNs. This points to a communications failure that we should try and do something about. More on this when I’ve caught up on the 200-odd mails I have in my Inbox on the subject. (Irony noted.)
Sorry, Kieren, but much as I generally admire your work, 0 marks out of 10 for doing your research on this one. We haven’t disabled IDNs, as the follow-up post in my blog (or, heaven forbid, actually downloading the code and trying it) would have told you. All IDN domains in Firefox 1.0.1 and Mozilla 1.8b1 display in their punycode form. Given the timescales we had for releasing the 1.0.1 security update, this was the best solution we could come up with which dealt with the problem, but as we’ve made quite clear, it’s a temporary one only.
Paul Hoffmann, your “knowledgeable expert” you deployed to patronize us by proxy, may be an expert on IDNs, but he’s not an expert on browser or security UI design. Neither am I, but I know enough to tell him that his idea wouldn’t fly, and I did. The other two documents you link to are in fact guidelines for registries to implement to protect users – in fact, some of the very “ICANN guidelines” I mentioned. So, quoting them as an “everyone else disagrees” measure would rather suggest you hadn’t actually read them.
As for mozilla.org being parochial, it seems that I spend half my time answering well-meaning people who put forward ridiculous suggestions about how IDN domains can be “flagged” or “warned against” (Mr Hoffman included) when in fact our goal is to make them first-class domain names in the browser, alongside and equal with traditional domains. This thinking is laid out in my paper “A Plan For Scams” which I also wrote and blogged about recently.
So, just to set everything straight:
- We haven’t disabled IDNs, just made them ugly in the short term.
- We are getting together with the other browser and plugin manufacturers, the registry groups, some registrars, the IDN people and the Unicode people to sort something out that’ll work in the long term. Don’t worry – when we have, you’ll be the first to know :-)
Update 9.42am: Don’t write emails quickly when in need of sleep. While most of the content above is right (having fixed some typos), as a kind friend has pointed out, the tone is not. I apologise to Kieren for sending him something so ill-considered.
Also, I didn’t mean to count Mr Hoffmann’s remarks among the “ridiculous” ones I’ve seen, only among those which recommended warning against IDNs in some way. So apologies to him, too.
Update 11.54am: and I can’t even spell his name right. Thanks to Smylers for spotting this one.