[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] homograph attacks

To: Martin Duerst <duerst@w3.org>
Subject: Re: [idn] homograph attacks
From: Erik van der Poel <erik@vanderpoel.org>
Date: Thu, 17 Feb 2005 08:00:25 -0800
Cc: Michel Suignard <michelsu@windows.microsoft.com>, "Martin v. Loewis" <martin@v.loewis.de>, William Tan <wil@dready.org>, "Kane, Pat" <pkane@verisign.com>, idn@ops.ietf.org, ericj@shmoo.com, tedd <tedd@sperling.com>, dam@icann.org
In-reply-to: <6.0.0.20.2.20050217174850.06842c80@localhost>
References: <FD16260E2EDF204E80A22FB904A425C30BD0A0CF@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com> <42142666.6080005@vanderpoel.org> <6.0.0.20.2.20050217174850.06842c80@localhost>
User-agent: Mozilla Thunderbird 1.0 (X11/20041206)

Martin Duerst wrote:

Again, looking
at this as a script problem is much more appropriate, after
all, neither "com" nor any ccTLD nor most of the gTLDs are
associated with any single language.


Nor is com associated with a single script.

I.e. I think you've taken a step in the right direction, namely:

language -> script

But I believe it would be a good idea to consider taking another step in the same direction:

language -> script -> character set

StringPrep and NamePrep are great, but I wonder if it might be good to take their ideas one step further to solve the IDN spoofing problem. I.e. to "normalize" the homographs by mapping the similar-looking characters to "base" characters.

For example, Cyrillic small 'a' would be mapped to Latin small 'a', since they are virtually identical (and, indeed, given the same glyph index in some fonts, I hear).

Of course, this idea is likely to be extremely controversial since any pair of characters that look similar to one person will look different to another.

Erik

Follow-Ups:
- Re: [idn] homograph attacks
  - From: "Martin v. Löwis" <martin@v.loewis.de>

References:
- RE: [idn] homograph attacks
  - From: "Michel Suignard" <michelsu@windows.microsoft.com>
- Re: [idn] homograph attacks
  - From: Erik van der Poel <erik@vanderpoel.org>
- Re: [idn] homograph attacks
  - From: Martin Duerst <duerst@w3.org>

Prev by Date: [idn] Tabtags and IDN tabtag Drafts and open mailing lists? (was RE: [idn] homograph attacks)
Next by Date: Re: [idn] who should be doing IDN filtering
Previous by thread: Re: [idn] homograph attacks
Next by thread: Re: [idn] homograph attacks
Index(es):
- Date
- Thread