Non-English Domain Names Likely Delayed
Iljitsch van Beijnum
iljitsch at muada.com
Mon Jul 18 22:02:35 UTC 2005
On 18-jul-2005, at 23:43, Crist Clark wrote:
> Isn't someone more eloquent than I going to point out that that
> spending
> a lot of effort eliminating homographs from DNS to stop phishing is a
> security measure on par with cutting cell service to underground
> trains
> to prevent bombings? It focuses on one small vulnerability that
> phishers
> exploit, and "fixing" this one vulnerability just may make things
> worse.
If you make a bunch of assumptions (SSL certificate chain is ok,
binary is trustworthy, etc) you can be sure that when it says https://
www.blah.com/ in your browser, you're actually communicating with the
entity holding the name www.blah.com in a secure way. So when
something that looks exactly like www.blah.com is in fact different
from www.blah.com, that's a pretty big deal because it breaks the
whole system. So how would fixing this make things worse? And what
else should we be doing instead?
More information about the NANOG
mailing list