[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] IDN spoofing

To: William Tan <wil@dready.org>
Subject: Re: [idn] IDN spoofing
From: Erik van der Poel <erik@vanderpoel.org>
Date: Mon, 21 Feb 2005 13:33:13 -0800
Cc: George W Gerrity <g.gerrity@gwg-associates.com.au>, List Unicode <unicode@unicode.org>, idn@ops.ietf.org
In-reply-to: <4219C7D2.8090602@dready.org>
References: <4aba7a4184c288476e81eadc047c15c8@gwg-associates.com.au> <4219C7D2.8090602@dready.org>
User-agent: Mozilla Thunderbird 1.0 (X11/20041206)

William Tan wrote:

As an example, the word "coke" can be represented completely in Cyrillic homographs, so one can generate 16 combinations of ASCII and Cyrillic characters forming strings that look like "coke". When you register "coke.com", the other 16 variants are automatically tied to this domain (for free or for a fee). They can be either all activated (put into the zone file) or simply blocked from registration.

The good thing about this is that the lookalikes mapping table does not have to be set-in-stone at the protocol level, but individual registries may choose to implement whatever makes sense for them.

If the lookalike mapping is not set in stone at the protocol level (i.e. embedded in the app), then the registry will have to activate *all* the variants, otherwise the app will not be able to look up all of them. No?

Alternatively, you could embed each registry's lookalike mapping table into the app and just activate one of the variants. I feel like I'm missing something...

Erik

Follow-Ups:
- Re: [idn] IDN spoofing
  - From: William Tan <wil@dready.org>

References:
- Re: [idn] IDN spoofing
  - From: William Tan <wil@dready.org>

Prev by Date: Re: [idn] IDN spoofing
Next by Date: Re: [idn] IDN spoofing
Previous by thread: Re: [idn] IDN spoofing
Next by thread: Re: [idn] IDN spoofing
Index(es):
- Date
- Thread