[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] Re: nameprep, IDN spoofing and the registries

To: Erik van der Poel <erik@vanderpoel.org>
Subject: Re: [idn] Re: nameprep, IDN spoofing and the registries
From: "JFC (Jefsey) Morfin" <jefsey@jefsey.com>
Date: Tue, 22 Feb 2005 22:59:22 +0100
Cc: Stephane Bortzmeyer <bortzmeyer@nic.fr>,idn@ops.ietf.org
In-reply-to: <421B966F.1020803@vanderpoel.org>
References: <BE3FE373.C6C%haberg@math.su.se> <421A3E9C.5020204@vanderpoel.org> <f3aaace6b9037e8383c412d9e24b18db@gwg-associates.com.au> <421AC08F.2030207@vanderpoel.org> <20050222132656.GA13173@nic.fr> <6.1.2.0.2.20050222163109.02e51db0@mail.jefsey.com> <421B966F.1020803@vanderpoel.org>

At 21:30 22/02/2005, Erik van der Poel wrote:

JFC (Jefsey) Morfin wrote:
2. could someone list all the Unicode codes to blacklist that way?
It will take a while to create a relatively complete table of homographs, but here are a couple of starting points:
https://bugzilla.mozilla.org/attachment.cgi?id=174139
https://bugzilla.mozilla.org/show_bug.cgi?id=279099#c192
Also, I've been thinking of writing a program that would look at the "cmap" of every font on a Windows box and check to see which pairs of Unicodes have the same glyph index (which leads to identical display).

This would help. But a ccTLD managing IDNs in computer environment and wanting to avoid any mistake, manages names in most of the case under the ACE format. In ASCII. I am not sure about existing dispute cases, but we consider that two IDNs are different if they have different in ACE format? Anyway, I answer you below.

3. could someone point a Perl code to use to enter a IDN and to get it properly punycoded, which could use such a list.
I don't know about Perl, but I believe Python has IDN.

Thank you, but as I said, I have no resource on this. So what would be great wold be that this list would actually help preparing a Draft - may be someone of more technical skill and competence would be interested in leading it? So we can start working on something real. I listed my pratical needs. I suppose others would have others to add.

Stephane is key person in supporting many ccTLDs in real life. I am sure he will be of great help. So would Gervase's with the ability to test in Firefox environment.

I have reported the problem and my request on the ccTLD list. I asked about the additional requirements they might have. I will inform this list of any additional demands they may have IRT a practical solution for them. I also documented that my concern was not about the phishing issue but about the ccTLD owns operations. This leaves the legal aside and may be more motivating since their own Registry could be the first victim of a confusion (in Whois display, for example).

jfc

References:
- Re: [idn] IDN spoofing
  - From: Erik van der Poel <erik@vanderpoel.org>
- [idn] nameprep, IDN spoofing and the registries
  - From: Erik van der Poel <erik@vanderpoel.org>
- [idn] Re: nameprep, IDN spoofing and the registries
  - From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
- Re: [idn] Re: nameprep, IDN spoofing and the registries
  - From: "JFC (Jefsey) Morfin" <jefsey@jefsey.com>

Prev by Date: Re: [idn] nameprep2 and the slash homograph issue
Next by Date: Re: [idn] Re: nameprep, IDN spoofing and the registries
Previous by thread: Re: [idn] Re: nameprep, IDN spoofing and the registries
Next by thread: Re: [idn] Re: nameprep, IDN spoofing and the registries
Index(es):
- Date
- Thread