Dear RIPE: Please don't encourage phishing

Masataka Ohta mohta at necom830.hpcl.titech.ac.jp
Sat Feb 11 23:07:26 CST 2012


Neil Harris wrote:

> I'm not a flag-waver for IDN, so much as a proponent of ways to make IDN
> safer, given that it already exists.

It's like trying to make DES safer.

> Lots of people have thought about this quite carefully.

Not at all. They (including some Japanese) just wished IDN
work ignoring technical reality.

> See RFC 4290 for
> a technical discussion of the thinking behind this policy,

Technically speaking, there are several sets of frequently
used different but similar Japanese characters most people
do not distinguish so vigorously.

For example, "Sai" of "Saitoh", the tenth most frequent
Japanese family name, is represented by 4 similar but
different characters, which is distinguished by people
named "Saitoh" but not distinguished by most others,
which means phishing is unavoidable.

That is, RFC4290 covering such Japanese characters is
not technical from the beginning.

> and RFC 5992
> for a policy mechanism designed to resolve the problem you raised in
> your example above.

It is nothing more than a political statement, because
there is no reasonable way to use tables in Appendix A.

> You will notice that the .com domain does not appear on the Mozilla IDN
> whitelist.

Which means IDN can not be "Internationalized" at all and
selling IDN is nothing more than a fraud.

					Masataka Ohta



More information about the NANOG mailing list