
Re: [idn] upstream and downstream



"\"Martin v. Löwis\"" <martin@v.loewis.de> wrote:

> > For example, someone could register a name that looks like
> > "foo.bar.com", where the first dot was really U+0702.
> 
> I may be missing something, but I think this cannot be registered:
> 
> UnicodeError: Violation of BIDI requirement 2

Sure enough.  I didn't realize U+0702 was right-to-left.  That helps,
but I wonder if there's another dot-lookalike lurking in Unicode.

> > On second thought, the "." homograph attack is less severe than the
> > "/" homograph attack.  The former only allows the attacker to spoof
> > names in the same domain that the attacker is registered in;
>
> I can't follow this reasoning, either: *if* foo.bar.com was possible,
> then I choose foo=www, bar=microsoft, and put an A record for the
> resulting label into DNS. The label would *not* be in the domain
> microsoft.com.

Let's use ! to denote the fake dot.  What I meant was that if the attackee
registers microsoft in the .com domain, then the attacker must likewise
register www!microsoft in the .com domain, and maybe someday the .com
registry will stop allowing such things.

Let's use % to denote the fake slash.  With this attack, the attacker
can register www.microsoft.com%foo in the bar.blah.deep.whatever domain,
unhindered by any restrictions that might someday be put on the .com
domain.

AMC

P.S. What's up with the literal quotes in your display-name?  Is that my
mail program acting funny, or yours?
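The two cases argued over above, worked through in code.  This is an added
example, not anything posted in the thread.  It assumes Python 3 and the
standard library's "idna" codec, whose nameprep step performs the BIDI
checks that produce the error Martin quoted; the lookalike sets are a
small constructed list for illustration, not a complete confusables table
(a registry would use Unicode's UTS #39 data), and the function names are
my own.  It shows that the fake-dot label (U+0702, a right-to-left
character) is rejected by the codec, while the fake-slash label (U+2044)
sails through nameprep and is only caught by an explicit lookalike scan.

```python
"""Screen a proposed domain name for "." and "/" homographs.

Added example (not from the thread). Assumes Python 3's built-in idna
codec (IDNA2003 nameprep + ToASCII). Lookalike sets are constructed and
deliberately small.
"""
import unicodedata

# Constructed subset of code points that render like an ASCII dot.
# None of these is mapped to a real "." by nameprep, so they survive
# into the label if nothing else rejects them.
DOT_LOOKALIKES = {
    "\u0702",  # SYRIAC SUBLINEAR FULL STOP (the character from the thread)
    "\u06d4",  # ARABIC FULL STOP
    "\u00b7",  # MIDDLE DOT
}

# Constructed subset of code points that render like an ASCII slash.
SLASH_LOOKALIKES = {
    "\u2044",  # FRACTION SLASH
    "\u2215",  # DIVISION SLASH
}


def scan_lookalikes(name):
    """Return (index, character name, reason) for every lookalike in name."""
    findings = []
    for i, ch in enumerate(name):
        cname = unicodedata.name(ch, "<unnamed>")
        if ch in DOT_LOOKALIKES:
            findings.append((i, cname, "looks like '.'"))
        elif ch in SLASH_LOOKALIKES:
            findings.append((i, cname, "looks like '/'"))
    return findings


def idna_accepts(name):
    """Run the name through nameprep/ToASCII.

    Returns (True, ascii_form) if the codec accepts it, otherwise
    (False, error_message). For "www\u0702microsoft" the message is the
    BIDI violation quoted in the thread, because U+0702 is an AL
    (right-to-left) character mixed with L (left-to-right) letters.
    """
    try:
        return True, name.encode("idna").decode("ascii")
    except UnicodeError as exc:
        return False, str(exc)


def check_name(name):
    """Combined verdict: the codec's own rules first, then the lookalike scan.

    Returns one of:
      ("rejected-by-idna", error_message)
      ("suspicious", findings)      # accepted by nameprep but contains lookalikes
      ("ok", ascii_form)
    """
    ok, detail = idna_accepts(name)
    if not ok:
        return "rejected-by-idna", detail
    findings = scan_lookalikes(name)
    if findings:
        return "suspicious", findings
    return "ok", detail


if __name__ == "__main__":
    # "!" and "%" in the thread stand for the fake dot and fake slash.
    samples = [
        "www\u0702microsoft",             # www!microsoft, one label
        "www.microsoft.com\u2044foo",     # www.microsoft.com%foo
        "example.com",
    ]
    for s in samples:
        print(repr(s), "->", check_name(s))
```

The order of the checks matters: the codec's BIDI rule is what stops the
fake-dot label, but it is a side effect of U+0702 being right-to-left,
not a defence against dot lookalikes as such, so the explicit scan is
still needed for the left-to-right ones.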