[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] upstream and downstream

To: IETF idn working group <idn@ops.ietf.org>
Subject: Re: [idn] upstream and downstream
From: "Adam M. Costello" <idn.amc+0@nicemice.net.RemoveThisWord>
Date: Mon, 21 Feb 2005 11:17:12 +0000
In-reply-to: <43983878a97b8668b5eaaaac89029891@seng.cc>
References: <20050219214029.GA5457~@nicemice.net> <4217D4DA.4000908@vanderpoel.org> <20050220110817.GD14603~@nicemice.net> <4218A1D0.2040703@vanderpoel.org> <20050220234256.GB31308~@nicemice.net> <4219249A.9060306@mozilla.org> <20050221045311.GC31308~@nicemice.net> <61b9d024408c83dce474862ae51abf0c@pobox.org.sg> <20050221081741.GD31308~@nicemice.net> <43983878a97b8668b5eaaaac89029891@seng.cc>
Reply-to: IETF idn working group <idn@ops.ietf.org>
User-agent: Mutt/1.5.6+20040722i

James Seng <james@seng.cc> wrote:

> We do treat "." specially in IDNA because that's part of domain name.

Yes, but IDNA's special treatment of "." was motivated by user
convenience, not by defense against homographs of ".", so it's not
surprising that IDNA's special treatment of "." is insufficient to
prevent homograph attacks against ".".

For example, someone could register a name that looks like
"foo.bar.com", where the first dot was really U+0702.  This attack
would be equally effective no matter what larger structure (URI, email
address, etc) the domain name appeared in.

AMC

References:
- Re: [idn] upstream and downstream
  - From: "Adam M. Costello" <idn.amc+0@nicemice.net.RemoveThisWord>
- Re: [idn] upstream and downstream
  - From: Erik van der Poel <erik@vanderpoel.org>
- Re: [idn] upstream and downstream
  - From: "Adam M. Costello" <idn.amc+0@nicemice.net.RemoveThisWord>
- Re: [idn] upstream and downstream
  - From: Erik van der Poel <erik@vanderpoel.org>
- Re: [idn] upstream and downstream
  - From: "Adam M. Costello" <idn.amc+0@nicemice.net.RemoveThisWord>
- Re: [idn] upstream and downstream
  - From: Gervase Markham <gerv@mozilla.org>
- Re: [idn] upstream and downstream
  - From: "Adam M. Costello" <idn.amc+0@nicemice.net.RemoveThisWord>
- Re: [idn] upstream and downstream
  - From: James Seng <jseng@pobox.org.sg>
- Re: [idn] upstream and downstream
  - From: "Adam M. Costello" <idn.amc+0@nicemice.net.RemoveThisWord>
- Re: [idn] upstream and downstream
  - From: James Seng <james@seng.cc>

Prev by Date: Re: [idn] upstream and downstream
Next by Date: Re: [idn] IDN spoofing
Previous by thread: Re: [idn] upstream and downstream
Next by thread: Re: [idn] upstream and downstream
Index(es):
- Date
- Thread