[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] homograph attacks

To: William Tan <wil@dready.org>
Subject: Re: [idn] homograph attacks
From: Erik van der Poel <erik@vanderpoel.org>
Date: Wed, 16 Feb 2005 13:20:22 -0800
Cc: "Martin v. Löwis" <martin@v.loewis.de>, Michel Suignard <michelsu@windows.microsoft.com>, "Kane, Pat" <pkane@verisign.com>, idn@ops.ietf.org, ericj@shmoo.com, tedd <tedd@sperling.com>, dam@icann.org
In-reply-to: <421348F8.9060406@dready.org>
References: <FD16260E2EDF204E80A22FB904A425C30BCA67BD@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com> <4212EF44.4040208@v.loewis.de> <421348F8.9060406@dready.org>
User-agent: Mozilla Thunderbird 1.0 (X11/20041206)

Hello all,

It seems to me that a registry should not allow the registration of an IDN domain name under a particular language if that registry does not have a table for that language.

When a registry *does* have a table for a particular language, the IDN domain name is restricted to the characters that appear in that table.

So, when there is *no* table for a language, then *no* characters should be allowed. In other words, no IDN domain names (starting with xn--) should be allowed.

Also, it seems to me that registries like COM could "stop the bleeding" (for now) by immediately deploying systems that enforce a policy where registrations for languages for which they do not have tables are rejected.

After that, they could continue to gather or compile tables.

Regards,

Erik van der Poel

William Tan wrote:

Pat can correct me if I'm wrong, but my understanding is that VGRS does NOT have a table associated with the German language. So, if you went ahead and register an IDN, and selected the German language, you can pretty much register any label that is permitted by IDNA, including characters that aren't remotely related to German.
Regsards,
wil.

Follow-Ups:
- Re: [idn] homograph attacks
  - From: Erik van der Poel <erik@vanderpoel.org>
- Re: [idn] homograph attacks
  - From: "Martin v. Löwis" <martin@v.loewis.de>

References:
- RE: [idn] homograph attacks
  - From: "Michel Suignard" <michelsu@windows.microsoft.com>
- Re: [idn] homograph attacks
  - From: "Martin v. Löwis" <martin@v.loewis.de>
- Re: [idn] homograph attacks
  - From: William Tan <wil@dready.org>

Prev by Date: Re: [idn] homograph attacks
Next by Date: Re: [idn] homograph attacks
Previous by thread: Re: [idn] homograph attacks
Next by thread: Re: [idn] homograph attacks
Index(es):
- Date
- Thread