[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] Chinese Domain Name Consortium (CDNC) Declaration

To: "Steven M. Bellovin" <smb@research.att.com>
Subject: Re: [idn] Chinese Domain Name Consortium (CDNC) Declaration
From: Dave Crocker <dhc@dcrocker.net>
Date: Mon, 04 Feb 2002 07:40:52 -0800
Cc: Elisabeth Porteneuve <Elisabeth.Porteneuve@cetp.ipsl.fr>, Marc.Blanchet@viagenie.qc.ca, ajm@icann.org, erin@twnic.net.tw, fred@cisco.com, harald@alvestrand.no, htk@eecs.harvard.edu, iab@ISI.EDU, idn@ops.ietf.org, iesg@ietf.org, jet-member@nic.ad.jp, jseng@pobox.org.sg, klensin@jck.com, lynn@icann.org, mkatoh@mkatoh.net, mkatoh@wdc.fujitsu.com, mouhamet@next.sn, narten@us.ibm.com, nordmark@eng.sun.com, paf@cisco.com, phoffman@imc.org, qhhu@public.bta.net.cn, sharil@cmc.gov.my, shkyong@kgsm.kaist.ac.kr, vcerf@mci.net, alanysho@hkdnr.net.hk, christine.tsang@hkdnr.net.hk, deng@cnnic.net.cn, hlqian@cnnic.net.cn, hoho@iis.sinica.edu.tw, huangk@alum.sinica.edu, jasonho@umac.mo, lee@whale.cnnic.net.cn, mao@cnnic.net.cn, snw@twnic.net.tw, sstseng@twnic.net.tw, tsenglm@cc.ncu.edu.tw, whzhang@cnnnic.net.cn, wschen@twnic.net.tw, wuch@gate.sinica.edu.tw, yktham@umac.mo
In-reply-to: <20020204023529.79C5B7B4B@berkshire.research.att.com>

Steve,

At 09:35 PM 2/3/2002 -0500, Steven M. Bellovin wrote:
>There'a a good discussion of the security risks of the code point
>problem at http://www.csl.sri.com/users/neumann/insiderisks.html#140

homographic attacks are not new with the IDN effort.

for example, MICROS0FT.COM was done.

For that matter, choice of different top-level domains permits a degree of 
homographic attack.  Try looking at dnso.com, rather than dnso.org.  (No, 
this approach does not qualify precisely as homographic, but it takes 
advantage of a small difference from the real name, hoping that users will 
not notice.  And it does work.)

Hence, the IDN work does not introduce a new risk.

d/

----------
Dave Crocker  <mailto:dcrocker@brandenburg.com>
Brandenburg InternetWorking  <http://www.brandenburg.com>
tel +1.408.246.8253;  fax +1.408.273.6464

Follow-Ups:
- Re: [idn] Chinese Domain Name Consortium (CDNC) Declaration
  - From: "D. J. Bernstein" <djb@cr.yp.to>
- Re: [idn] Chinese Domain Name Consortium (CDNC)Declaration
  - From: John C Klensin <klensin@jck.com>

References:
- Re: [idn] Chinese Domain Name Consortium (CDNC) Declaration
  - From: "Steven M. Bellovin" <smb@research.att.com>

Prev by Date: [idn] Stringprep and UAX15
Next by Date: Re: [idn] Re: Chinese Domain Name Consortium (CDNC) Declaration
Previous by thread: Re: [idn] Chinese Domain Name Consortium (CDNC) Declaration
Next by thread: Re: [idn] Chinese Domain Name Consortium (CDNC)Declaration
Index(es):
- Date
- Thread