[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] Re: character tables

To: Gervase Markham <gerv@mozilla.org>
Subject: Re: [idn] Re: character tables
From: Erik van der Poel <erik@vanderpoel.org>
Date: Tue, 01 Mar 2005 20:47:24 -0800
Cc: Paul Hoffman <phoffman@imc.org>, John C Klensin <klensin@jck.com>, idn@ops.ietf.org
In-reply-to: <42251B80.5050503@vanderpoel.org>
References: <421B8484.3070802@vanderpoel.org> <20050223072837.GA21463~@nicemice.net> <D872CCF059514053ECF8A198@scan.jck.com> <421D8411.9030006@vanderpoel.org> <p06210208be4390618c81@[192.168.0.101]> <421E0D0C.2000309@vanderpoel.org> <p06210202be43c3888991@[192.168.0.101]> <E07CE813AD23B2D95DA0C740@scan.jck.com> <421E30F2.1040408@vanderpoel.org> <0E7F74C71945B923C52211F3@scan.jck.com> <421EA0C9.1010500@vanderpoel.org> <00a401c51af3$7863aae0$030aa8c0@DEWELL> <A574CA1BE87BFDA3C2A1AC0E@scan.jck.com> <421FA55B.9000308@vanderpoel.org> <421FCBD7.8000805@vanderpoel.org> <42227EBF.9040703@vanderpoel.org> <45781B7428C6AA07C3B283BD@scan.jck.com> <42229BBC.8020608@vanderpoel.org> <p0621021ebe484f52c0c5@[10.20.30.249]> <4225ABAB.60002@mozilla.org> <p0621022dbe4ab4b8a3fa@[10.20.30.249]> <42251B80.5050503@vanderpoel.org>
User-agent: Mozilla Thunderbird 1.0 (X11/20041206)

However, I note that this particular conversation is between a browser developer (Gervase) and one of the IDNA authors (Paul), neither of which is a registry representative, so why exactly are you 2 having this conversation? :-)

Sorry, I'm half joking. Half, because you two have every right to discuss whatever you wish. The other half because I believe browser developers can afford to focus more on their end of things.

Sorry, I've been told that this half-joking thing was confusing, and I now believe I shouldn't have tried to be so cute.

All I'm trying to say to *Gervase* is that it doesn't really matter *what* characters are allowed to be registered in a registry, as long as the browser takes steps to warn the user when something phishy might be going on, e.g. a slash homograph, or a Cyrillic small 'a' when the user was probably expecting a Latin small 'a'. As I have pointed out, the registry does *not* have control over higher-numbered level domains. E.g. .de controls the 2nd level domain (2LD), but not the 3LD, 4LD and so on. That is where the slash homograph problem *really* matters.

Instead, I wish the browser developers would focus more on the *user*, who may be "surfing" from one site to the next, spanning the globe, and crossing language boundaries.

Sorry, this may not have been the best logic to use in my argument. It would have been better to talk about phishers, who often spam users with email containing URIs that *could* contain IDN labels with dangerous homographs at any level of the name, 2LD, 3LD, or whatever.

(Most users *don't* surf around the world, since many are monolingual or maybe bilingual.)

Anyway, help me out, guys and gals. Pull my logic through the wringer, and comb it with the finest comb you have at your disposal. This way, we can collectively improve our understanding of the IDN phishing problem and ways to address it.

Erik

Follow-Ups:
- Re: [idn] Re: character tables
  - From: John C Klensin <klensin@jck.com>

References:
- [idn] nameprep2 and the slash homograph issue
  - From: Erik van der Poel <erik@vanderpoel.org>
- Re: [idn] nameprep2 and the slash homograph issue
  - From: "Adam M. Costello" <idn.amc+0@nicemice.net.RemoveThisWord>
- Re: [idn] nameprep2 and the slash homograph issue
  - From: John C Klensin <klensin@jck.com>
- [idn] punctuation
  - From: Erik van der Poel <erik@vanderpoel.org>
- Re: [idn] punctuation
  - From: tedd <tedd@sperling.com>
- Re: [idn] punctuation
  - From: Erik van der Poel <erik@vanderpoel.org>
- Re: [idn] punctuation
  - From: tedd <tedd@sperling.com>
- Re: [idn] punctuation
  - From: John C Klensin <klensin@jck.com>
- Re: [idn] punctuation
  - From: Erik van der Poel <erik@vanderpoel.org>
- Re: [idn] punctuation
  - From: John C Klensin <klensin@jck.com>
- [idn] process
  - From: Erik van der Poel <erik@vanderpoel.org>
- Re: [idn] process
  - From: "Doug Ewell" <dewell@adelphia.net>
- Re: [idn] process
  - From: John C Klensin <klensin@jck.com>
- Re: [idn] process
  - From: Erik van der Poel <erik@vanderpoel.org>
- Re: [idn] process
  - From: Erik van der Poel <erik@vanderpoel.org>
- [idn] character tables
  - From: Erik van der Poel <erik@vanderpoel.org>
- [idn] Re: character tables
  - From: John C Klensin <klensin@jck.com>
- Re: [idn] Re: character tables
  - From: Erik van der Poel <erik@vanderpoel.org>
- Re: [idn] Re: character tables
  - From: Paul Hoffman <phoffman@imc.org>
- Re: [idn] Re: character tables
  - From: Gervase Markham <gerv@mozilla.org>
- Re: [idn] Re: character tables
  - From: Paul Hoffman <phoffman@imc.org>
- Re: [idn] Re: character tables
  - From: Erik van der Poel <erik@vanderpoel.org>

Prev by Date: Re: [idn] Re: character tables
Next by Date: Re: [idn] nameprep2 and the slash homograph issue
Previous by thread: Re: [idn] Re: character tables
Next by thread: Re: [idn] Re: character tables
Index(es):
- Date
- Thread