
Re: [idn] upstream and downstream



Gervase Markham <gerv@mozilla.org> wrote:

> > Please think twice before creating a precedent of a browser
> > completely blackholing a technically valid (albeit devious) site.
>
> If the site is devious, what possible benefit is there in allowing the
> user access to it?

The user might be investigating alleged phishers (who are targeting
browsers less protective than the investigator's).

Users often guess domain names.  There might be cases where the common
name of an organization includes non-ASCII punctuation that browsers
would consider unsafe to display, but the organization might want to put
a web server there that redirects users to a safe name when they type
the unsafe name as a guess.

Finally, I don't think we can be sure that our automated phishing
detector has no false positives, so I think making sites completely
inaccessible is overkill when it would be sufficient merely to foil the
spoof by showing an unambiguous form of the name (like the ACE form, or
a Unicode form with certain characters percent-encoded).

AMC
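
The display policy proposed in the last paragraph of the message above, as an added sketch that is not part of the original post: a label containing characters judged unsafe is rendered in ACE form or with those characters percent-encoded, and nothing is blocked. The function names, the safe-character rule (letters, digits and the hyphen) and the sample hostnames are assumptions made for illustration.

```python
import unicodedata

def is_display_safe(ch):
    # Assumed policy for this sketch: letters, digits and "-" may be shown
    # as typed; punctuation, symbols and everything else may not.
    return ch == "-" or unicodedata.category(ch)[0] in ("L", "N")

def ace_label(label):
    # ACE form of one label: "xn--" + Punycode. Real IDNA also runs
    # nameprep first; that step is skipped here to keep the sketch short.
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def percent_label(label):
    # Unicode form with only the unsafe characters percent-encoded (UTF-8).
    return "".join(
        ch if is_display_safe(ch)
        else "".join("%%%02X" % b for b in ch.encode("utf-8"))
        for ch in label
    )

def display_form(hostname, style="ace"):
    # Returns the string to show the user. The site stays reachable;
    # only the rendering of a suspicious label changes.
    shown = []
    for label in hostname.split("."):
        if all(is_display_safe(ch) for ch in label):
            shown.append(label)
        elif style == "ace":
            shown.append(ace_label(label))
        else:
            shown.append(percent_label(label))
    return ".".join(shown)

# Constructed sample names: U+2044 FRACTION SLASH resembles "/".
SPOOF = "example\u2044login.test"
PLAIN = "b\u00fccher.example"

if __name__ == "__main__":
    for name in (PLAIN, SPOOF):
        print(display_form(name, "ace"), display_form(name, "percent"))
```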