[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [idn] quick & dirty (but not too dirty) homograph defense
On the other hand, if some actual IDN phishing starts to occur under
.com, VeriSign might have to tighten up their policy. They might
eventually lose money on any lawsuits that are filed. So, in the
long term, this IDN spoofing might not be in their best interests.
It's too bad they don't make any comments on this mailing list and
take some kind of action, to put our minds at ease.
Erik
Erik:
Well... the problem is not totally Versign's, is it?
On one hand, the list wants to solve the homograph attack (glyph
look-alike) problem, but on the other hand when confronted with a
clear solution to a specific problem, the list ignores it.
Case in point, the lower and upper case omega. Clearly the upper case
omega would not be confused with any other glyph -- it's unique.
However, the list mandates that all characters shall be lower case.
As such, the lower case omega looks like a lower case "w" and thus
presents a look-a-like problem.
Now, I'm not in favor of allowing both upper and lower case
characters for each glyph into the mix, BUT, I think it wise to look
at one -- OR-- the other to see if a solution for each glyph presents
itself. Is this not reasonable?
As I understand it, this would only require a change in mapping. That
should solve at least one "glyph look-alike" problem -- shouldn't it?
tedd
--
--------------------------------------------------------------------------------
http://sperling.com/