Non-English Domain Names Likely Delayed
Brad Knowles
brad at stop.mail-abuse.org
Tue Jul 19 13:03:51 UTC 2005
At 12:46 PM +0200 2005-07-19, Iljitsch van Beijnum wrote:
>> What public key crypto are you talking about?
>
> The public key crypto that powers the authentication in SSL.
But that has nothing to do with the DNS. Moreover,
mikerowesoft.com would presumably have an SSL certificate issued to
mikerowesoft.com and which claimed only that it was mikerowesoft.com
and not microsoft.com. The SSL certificate would check out
completely, and still have absolutely nothing whatsoever to do with
the DNS, cache pollution/poisoning, etc....
>> You're on a slippery slope here. At what point do you think that
>> you can stop protecting the users? How do you justify that?
>
> I justify it because "protecting" users agains the fact that similar
> looking/sounding names actually map to completely different things
> ultimately can't be done, so it's better to not do it at all so users
> get burned by relatively harmless examples of this phenomenon
> (www.gougle.com and the like) so they understand it and foster the
> appropriate level of distrust.
Actually, that's a statement that I can agree with.
My point was that, if you're going to try to protect the users
against homophone/homograph attacks, you need to do it in a
standardized way.
Morover, the standards for controlling that need to be held by
separate entities from those who are creating the tools which will
implement those standards -- witness Microsoft's recent downgrading
of Claria/Gator as a malware vendor, simply because they're looking
at buying the company.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the NANOG
mailing list