RE: [idn] homograph attacks

[tedd <tedd@sperling.com>]

> All:
>
> And an interesting follow-up by Paul Hoffman:
>
> http://LookIt.proper.com/archives/000302.html#000302
>
> Gary.


But of course, Paul has solved the problem again.

I know this to be true, because I recognize his manner of presenting 
the solution. First, Paul to divides people into two groups; 1) those 
who know everything about the net, which includes Paul and other 
"God's of the Internet" -- those who invented the Internet (I guess 
this includes Al Gore); 2) everyone else in the world who doesn't 
know squat, of which I'm a member.

Of course, those like me are asked for our opinion, but when we give 
it we are often met with "Well... it's clear that you didn't read 
such and such draft" and then are presented with tens of pages (if 
not hundreds) of pages of Geek speak to comprehend. If that doesn't 
shut us up, then he is most happy to tell us to "Look up the word 
'hubris' in the dictionary" because we are questioning his view of 
the world -- but I digress.

Second, after his introduction, which leaves no doubt that you either 
are smart and agree with him, or... well, you get the picture.

But, sometimes, that just doesn't solve the problem and I often find 
myself back to "If it looks like a duck, and it sounds like a duck..."

Now I realize that after reading Paul's solution, that he really 
doesn't want to be "pulled back in" to the fray. After all, he has 
already provided us with the tablets and now wants to lead his people 
around in the desert away from all of this, but, unfortunately, we 
keep having problems with the commandments he left -- like what's 
this "Thou shall not mix scripts without doing it right" thing?

I think we can all agree with Paul that the "Quick" answers don't 
work. But, you know, I don't understand Paul's "better solutions" 
either. Let's take a look.

The first one has a pretty image of a "hover pop-up" that shows a 
domain name where ASCII characters are in Cyan and Cyrillic 
characters are in Yellow -- that looks pretty smart.

Let's see, if I understand the solution, we use Cyan for ASCII and 
Yellow for Cyrillic, and... -- hey just how many scripts are there 
and how many colors are available? You know, a single domain name 
might take on the look of one of my granddaughter's fruit-loop 
bracelets. So, I'm not sure how that would work.

Of course, one might just use white for "normal" scripts and yellow 
for everything else. That might work. That way everyone in the world 
could have their own script appear "normal" whereas mixed scripts 
would be... ah mixed, right? Of course, those countries who use mixed 
scripts, would always have colored domains -- but there can't be too 
many of those, right?

Of course, the colored domain name solution doesn't address the 
section 508 issue with regard to the disabled, but then again, who 
thinks of the needs of those people, right? Oh, and don't forget the 
blinking domain thing that Paul mentioned either -- am sure that 
would go over well in the disabled market, not to mention that every 
web page designer I know thinks that a blinking anything is a real 
"no-no". But then again, Paul is not a designer.

Oh, and don't forget the lawyers of the person who owns a mixed 
script (liek caf

But Paul is also not super at understanding the problem his solution 
creates. At present we have more than a couple of browsers and OS's 
to contend with. My "Browser Cam" count shows 24 different browser/os 
combinations (if you don't count Flash). So Paul's solution would 
require the creation of 24 different "plug-in's" . I don't know who's 
going to do that, but I doubt that it's going to get done.

Of course, there's also the problem in distribution of those 
plug-in's to zillions of computers -- (zillions is OK, because Paul 
used that number). I don't understand how that is going to work 
either.








--
--------------------------------------------------------------------------------
http://sperling.com/