
Re: [idn] upstream and downstream



I wrote:

> IDNA's special treatment of "." is insufficient to prevent homograph
> attacks against ".".
>
> For example, someone could register a name that looks like
> "foo.bar.com", where the first dot was really U+0702.  This attack
> would be equally effective no matter what larger structure (URI, email
> address, etc) the domain name appeared in.

On second thought, the "." homograph attack is less severe than the "/"
homograph attack.  The former only allows the attacker to spoof names
in the same domain that the attacker is registered in; therefore new
registrants can protect themselves from this attack by registering in
a domain with reasonable admission policies.  The "/" attack, however,
allows the attacker to spoof names in *any* domain, so there's nowhere
registrants can go and be safe from it.

The more severe attack can happen only when domain names are embedded
in larger structures, so a case could be made that each of these larger
structures should create its own recommendations for dealing with spoofs
of its delimiters.

On the other hand, non-technical users might be misled by all sorts of
punctuation, even symbols that don't resemble the true delimiters.

AMC
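The two attack classes compared in the message can be checked mechanically by comparing what a URI parser sees with what a reader sees. The following Python is an added example, not code from the original message or from the IDN working group: the lookalike table is constructed for illustration (it is not a standard confusable list, and the U+0702 entry is the only one taken from the message), the host extraction follows the RFC 3986 rule of splitting the authority on ASCII delimiters only, and `spoof_scope` encodes the message's distinction between a faked "." (the real name still sits under the zone the registrant chose) and a faked "/" (the visible host can name any domain).

```python
import unicodedata

# Constructed lookalike table (an assumption for this example, not a list from
# the original message or from any standard): non-ASCII code points a reader
# may take for the ASCII delimiters used in host names and URIs.
DELIMITER_LOOKALIKES = {
    "\u0702": ".",   # SYRIAC SUBLINEAR FULL STOP, the case named in the message
    "\u3002": ".",   # IDEOGRAPHIC FULL STOP
    "\uff61": ".",   # HALFWIDTH IDEOGRAPHIC FULL STOP
    "\u2044": "/",   # FRACTION SLASH
    "\u2215": "/",   # DIVISION SLASH
}
# ASCII characters that end a host name for a URI parser, plus the label dot.
ASCII_DELIMITERS = {".", "/", "?", "#"}


def looks_like(ch):
    """Return the ASCII delimiter that `ch` resembles, or None for ASCII and
    unremarkable characters. Besides the table, NFKC compatibility
    normalisation is tried, which catches fullwidth forms (U+FF0E, U+FF0F)
    and compatibility characters such as U+2024 ONE DOT LEADER."""
    if ord(ch) < 0x80:
        return None
    if ch in DELIMITER_LOOKALIKES:
        return DELIMITER_LOOKALIKES[ch]
    folded = unicodedata.normalize("NFKC", ch)
    return folded if folded in ASCII_DELIMITERS else None


def find_delimiter_homographs(text):
    """List (index, 'U+XXXX', delimiter) for every lookalike in `text`; a
    registrar or URI handler would reject or flag anything this returns."""
    out = []
    for i, ch in enumerate(text):
        d = looks_like(ch)
        if d is not None:
            out.append((i, "U+%04X" % ord(ch), d))
    return out


def parsed_host(uri):
    """Host as a URI parser sees it: the authority after '//' up to the first
    real '/', '?' or '#', with userinfo and port removed. Only ASCII
    delimiters count, which is exactly why lookalikes survive into the host."""
    rest = uri.split("//", 1)[1] if "//" in uri else uri
    for stop in "/?#":
        rest = rest.split(stop, 1)[0]
    rest = rest.rsplit("@", 1)[-1]      # drop userinfo
    return rest.split(":", 1)[0]        # drop port


def apparent_host(uri):
    """Host as a reader sees it: every lookalike replaced by the ASCII
    delimiter it imitates, then parsed the same way."""
    folded = "".join(looks_like(c) or c for c in uri)
    return parsed_host(folded)


def spoof_scope(uri):
    """None if the host is what it appears to be. 'cross-domain' if a faked
    stop character ('/', '?', '#') makes the visible host end before the real
    one does, so the visible part can name any domain at all. 'same-domain'
    if only the label structure is faked (a lookalike '.'), so the real name
    is still a label under the zone the registrant actually registered in."""
    real, shown = parsed_host(uri), apparent_host(uri)
    if real == shown:
        return None
    if real.startswith(shown) and len(real) > len(shown):
        return "cross-domain"
    return "same-domain"


if __name__ == "__main__":
    # Constructed sample inputs; "bank.example" and "evil.example" are placeholders.
    for sample in ("http://www.bank.example/",
                   "http://www\u0702bank.example/",
                   "http://www.bank.example\u2044evil.example/login"):
        print(repr(sample), "->", spoof_scope(sample),
              find_delimiter_homographs(sample))
```

Running the block prints `None`, `same-domain` and `cross-domain` for the three constructed samples: in the second, the parser sees a single label `www<U+0702>bank` under `example`, so the spoof cannot escape the zone the attacker registered in; in the third, everything after the fraction slash is the attacker's real name, and everything before it is whatever the attacker chose to display.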