[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [idn] homograph attacks
Jefsey,
1. The language tags that we permit are a subset of the languages within
ISO 639-2. The list of these can be found at
http://www.verisign.com/static/002533.pdf. The IANA server is a listing of
language tables to be used with a language tag. Commonality amongst TLDs in
general would be good. That is why VeriSign uses tables such as those from
JET and others.
2. I am interested in the French and Ukrainian sets as well as all of the
others that we permit that currently do not have language tables. I have
not seen them so VeriSign does not have a table for either of those valid
language tags. We are deploying this year those that have been posted on
IANA and are appropriate sources.
3. We follow tables as published. We do not develop these tables on our
own as there are more appropriate sources. We did recognize that with
Cyrillic based languages there was a possibility of inappropriate
commingling of characters so we excluded all Latin and ASCII characters with
the exception of 0-9 and the dash.
4. I am not sure of your exact question here, but in the registration
process each registrar actually encodes the characters and passes to
VeriSign the encoded string.
Pat
-----Original Message-----
From: JFC (Jefsey) Morfin [mailto:jefsey@jefsey.com]
Sent: Tuesday, February 15, 2005 7:44 PM
To: Kane, Pat; "Martin v. Löwis" ; tedd
Cc: idn@ops.ietf.org; ericj@shmoo.com
Subject: RE: [idn] homograph attacks
Dear Pat,
I have several questions here.
1. where do you maintain an ASCII list of your language tags? Should it not
be supported on the IANA server and common to all the gTLDs?
2. is there a list of the permitted UNICODEs codes per languages? For
example I am interested in the French and Ukrainian sets.
3. did you decide them by yourself, or did you gather a group of lingual
authorities to assist you. This would be very interesting.
4. would there not be a way to register IDN in using their "xn--" version?
It would simplify international management by resellers?
Thank you for your assistance.
At 20:30 15/02/2005, Kane, Pat wrote:
>VeriSign does prevent domains with the Russian language tag from
commingling
>A-Z with the Cyrillic characters. It does permit 0-9 and the dash to be
>used. This filter also applies to other Cyrillic based languages such as
>Belarusian, Ukrainian, Serbian, Macedonian and Bulgarian.
>
>There are other languages that are listed within ISO 639-2 that today use a
>combination of Latin and Cyrillic as they were originally Latin based
(Tajik
>was Arabic prior to being Latin based), migrated to Cyrillic during the
>Soviet era and today are migrating back to Latin. It is common to use
Latin
>and Cyrillic characters in Tajik, from what I understand not being a native
>speaker. Granted there are not a lot of registrations in com net that are
>Tajik, but this is just the point of an IDN.
>
>Pat Kane
>
>
>-----Original Message-----
>From: owner-idn@ops.ietf.org [mailto:owner-idn@ops.ietf.org] On Behalf Of
>"Martin v. Löwis"
>Sent: Tuesday, February 15, 2005 2:02 PM
>To: tedd
>Cc: idn@ops.ietf.org; ericj@shmoo.com
>Subject: Re: [idn] homograph attacks
>
>tedd wrote:
> > You all knew this was going to happen.
> >
> > http://www.p&1072;ypal.com
>
>Indeed. However, I am somewhat disheartened that this could
>happen. IMO, Verisign should have never have registered that
>domain - the registrar should have provided a language for
>the label, that language should have been "Russian" (or
>else &1072; should not have been allowed), and this combination
>of Cyrillic and Latin letters should not be allowed for the
>Russian language.
>
>Regards,
>Martin