[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] IDN spoofing

To: Erik van der Poel <erik@vanderpoel.org>
Subject: Re: [idn] IDN spoofing
From: William Tan <wil@dready.org>
Date: Tue, 22 Feb 2005 08:51:32 +1100
Cc: George W Gerrity <g.gerrity@gwg-associates.com.au>, List Unicode <unicode@unicode.org>, idn@ops.ietf.org
In-reply-to: <421A5399.7030503@vanderpoel.org>
References: <4aba7a4184c288476e81eadc047c15c8@gwg-associates.com.au> <4219C7D2.8090602@dready.org> <421A5399.7030503@vanderpoel.org>
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)


Erik van der Poel wrote:

If the lookalike mapping is not set in stone at the protocol level (i.e. embedded in the app), then the registry will have to activate *all* the variants, otherwise the app will not be able to look up all of them. No?

For many variants, it's good enough to block them from being registered by phishers. One wouldn't expect the users to type in "coca-co1a.com" (with latin "1" instead of "l"), right?

Alternatively, you could embed each registry's lookalike mapping table into the app and just activate one of the variants. I feel like I'm missing something...

That wouldn't be a good idea, for reasons that John explained in an earlier mail about blacklists.

wil.

References:
- Re: [idn] IDN spoofing
  - From: William Tan <wil@dready.org>
- Re: [idn] IDN spoofing
  - From: Erik van der Poel <erik@vanderpoel.org>

Prev by Date: Re: [idn] IDN spoofing
Next by Date: Re: [idn] IDN spoofing
Previous by thread: Re: [idn] IDN spoofing
Next by thread: Re: [idn] IDN spoofing
Index(es):
- Date
- Thread