[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] punctuation

To: John C Klensin <klensin@jck.com>
Subject: Re: [idn] punctuation
From: Erik van der Poel <erik@vanderpoel.org>
Date: Thu, 24 Feb 2005 11:54:26 -0800
Cc: tedd <tedd@sperling.com>, idn@ops.ietf.org
In-reply-to: <E07CE813AD23B2D95DA0C740@scan.jck.com>
References: <421B8484.3070802@vanderpoel.org> <20050223072837.GA21463~@nicemice.net> <D872CCF059514053ECF8A198@scan.jck.com> <421D8411.9030006@vanderpoel.org> <p06210208be4390618c81@[192.168.0.101]> <421E0D0C.2000309@vanderpoel.org> <p06210202be43c3888991@[192.168.0.101]> <E07CE813AD23B2D95DA0C740@scan.jck.com>
User-agent: Mozilla Thunderbird 1.0 (X11/20041206)

John C Klensin wrote:

We can try
to restrict characters that are clearly dangerous, adopting, if
necessary, a view that the fact someone wants to register or use
a particular string doesn't mean that they are entitled to do
so.

You can write RFCs, move them to STD status, and jump up and down all you want, but you can't stop domain name owners from creating "deep" sub-domains with deceptive names that make the important part of the name go off the end of the display area.

We
can use the UDRP and/or the legal system in various countries to
push back on those who register deceptive names and on the
registrars and registries that encourage the registration of
such names.

The registrars and registries are not the problem. The domain name owners are. If a poor individual has created a deceptive name that hurts a huge company, that company may go after Microsoft (since it has deep pockets) instead of the poor person.

So, the apps' current way of displaying the domain name (right-to-left) in left-to-right cultures is the problem. I tried to make the case that this is even a problem in the ASCII DNS (regardless of IDN), since hyphens are allowed in most DNS implementations. I wonder if a phisher would only have to change their own DNS server to get other characters (like ASCII slash '/') into the names? Or would many of the DNS clients refuse to lookup names containing such characters? (I tried to create a name containing ASCII slash yesterday, but my DNS server wouldn't accept it.)

Hasn't this stuff been covered in any RFC yet?

Erik

Follow-Ups:
- Re: [idn] punctuation
  - From: John C Klensin <klensin@jck.com>

References:
- [idn] nameprep2 and the slash homograph issue
  - From: Erik van der Poel <erik@vanderpoel.org>
- Re: [idn] nameprep2 and the slash homograph issue
  - From: "Adam M. Costello" <idn.amc+0@nicemice.net.RemoveThisWord>
- Re: [idn] nameprep2 and the slash homograph issue
  - From: John C Klensin <klensin@jck.com>
- [idn] punctuation
  - From: Erik van der Poel <erik@vanderpoel.org>
- Re: [idn] punctuation
  - From: tedd <tedd@sperling.com>
- Re: [idn] punctuation
  - From: Erik van der Poel <erik@vanderpoel.org>
- Re: [idn] punctuation
  - From: tedd <tedd@sperling.com>
- Re: [idn] punctuation
  - From: John C Klensin <klensin@jck.com>

Prev by Date: RE: [idn] punctuation
Next by Date: RE: [idn] punctuation
Previous by thread: Re: [idn] punctuation
Next by thread: Re: [idn] punctuation
Index(es):
- Date
- Thread