Re: [idn] homograph attacks
On Tue, 15 Feb 2005, "Martin v. Löwis" wrote:
> > http://www.p&1072;ypal.com
>
> Indeed. However, I am somewhat disheartened that this could
> happen. IMO, Verisign should never have registered that
> domain - the registrar should have provided a language for
> the label, that language should have been "Russian" (or
> else &1072; should not have been allowed), and this combination
> of Cyrillic and Latin letters should not be allowed for the
> Russian language.

Which is easier than it sounds - there are thousands of homonyms in
Unicode (depending on the font sometimes even significantly more) and even
in the easy Western European languages you may have an accent grave dropping
off in some fonts/cases with lowercase chars. And whether it is a true
homonym may differ from language to language and even depends on whether
this is uppercase or not.

Even in an easy language like Dutch - would you see the difference between
www.ijselmeer.nl and www.ĳselmeer.nl ('i'+'j' or just Unicode 0133 (or
0133 for uppercase)) ?

And even that - to a lot of readers the URLs www.langorse.co.uk and
www.1angorse.co.uk will appear identical. (Try Courier (new) or Gill Sans).

Plus it is not uncommon in some Asian company/logos to see essentially
two or even three "scripts" combined.

Dw
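
Added illustration, not part of the original message: a Python sketch of a per-label check on the hostnames discussed in this thread, flagging labels that mix scripts and labels that change under NFKC folding. The names script_of, label_scripts and check_host are hypothetical, and the script is approximated from the first word of the Unicode character name (an assumption, not the real Script property).

```python
import unicodedata

# Constructed sample hostnames, modelled on the examples in the thread.
SAMPLES = [
    "www.p\u0430ypal.com",    # Cyrillic U+0430 inside an otherwise Latin label
    "www.\u0133selmeer.nl",   # U+0133 LATIN SMALL LIGATURE IJ instead of 'i'+'j'
    "www.1angorse.co.uk",     # digit one in place of the letter l
    "www.paypal.com",         # plain ASCII baseline
]

def script_of(ch):
    """Approximate script of a character (assumption: first word of its name)."""
    if ch.isdigit() or ch == "-":
        return None  # digits and hyphen are common to all scripts
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"

def label_scripts(label):
    """Set of approximate scripts used in one DNS label."""
    return {s for s in map(script_of, label) if s}

def check_host(host):
    """Return a list of findings for each label of a Unicode hostname."""
    findings = []
    for label in host.split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            findings.append(("mixed-script", label, tuple(sorted(scripts))))
        # Compatibility folding exposes ligatures such as U+0133 -> "ij".
        folded = unicodedata.normalize("NFKC", label)
        if folded != label:
            findings.append(("compat-fold", label, folded))
    return findings

if __name__ == "__main__":
    for host in SAMPLES:
        print(ascii(host), check_host(host) or "no findings")
```

The 1angorse label produces no findings: it is a single-script ASCII label, so neither check sees the font-dependent l/1 confusion raised in the reply.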