Hacker News new | ask | show | jobs
by andoon 3358 days ago
I see two issues: the mere existence of punycode (does any serious website use a punycode domain?) and the ability of any website to generate an ssl certificate for itself in a matter of minutes, making the "secure" part of the UI most users have been trained since forever to respect irrelevant.
2 comments
franciscop 3358 days ago
I partly agree with the second part. I think it starts to make sense to set it as:

1. Non SSL/TLS sites get marked as insecure. With recent events (ISP allowed to sell your data) this seems like a no-brainer.

2. Self-signed certificates such as Letsencrypt get a normal status.

3. Extended Validation SSL (or however they are called) get the green lock to mark them as trusted.

About your first point there's a huge chunk of the internet who doesn't even speak English so I'd say yes.

link
Dylan16807 3358 days ago
> Self-signed certificates such as Letsencrypt

What?

link
franciscop 3358 days ago
I'm wrong on that one, I totally misused the term. I mean Domain Validated certificates (Letsencrypt and others) vs Extended Validation.
link
andoon 3358 days ago
I see you're Spanish, and so am I--how many times have you seen domains with accented letters? If I see one of those I automatically think I have to remove the accents before I type the URL in my browser.

Regarding countries that don't use latin letters, examples:

http://www.alexa.com/topsites/countries/RU

http://www.alexa.com/topsites/countries/CN

http://www.alexa.com/topsites/countries/DZ

link
franciscop 3358 days ago
Not many, but arguably Spanish people (at least young people in Spain) omit always the graphic accents in instant messaging and many times in social media so it's not weird for us to type an url without an é or an ó. I do know I've been asked by companies to get both the accented and unaccented names just in case.

In contrast, Japanese or Chinese people almost never use English characters mixed with their own on a day to day basis.

The alexa results is really interesting, but I think the whole unicode in the url thing is recent (or at least browser support), right? so it would make sense for unicode urls not to be so popular yet. Or it might just be that way, I'd love to see say the top N sites what % use punycode to see if it's relevant or not.

link
andoon 3358 days ago
Punycode has been there for over 10 years and it's almost unused. If it hasn't been a success yet, it will arguably never be a success. It's not worth it to let it live, given the hazard that phishing poses.
link
Zardoz84 3358 days ago
And sites with "ñ" ?
link
Zardoz84 3358 days ago
http://xn--museovirtualfelixcaada-2ec.digibis.com
link