Mozilla Implements TLD Whitelist for Firefox in Response to IDN Homogr aphs Spoofing

Phillip Vandry vandry at TZoNE.ORG
Thu Jul 28 13:51:56 UTC 2005


On Thu, Jul 28, 2005 at 03:27:58PM +0200, Bjørn Mork wrote:
> > Otherwise how can all my applications support IDN?
> 
> Please read RFC 3490.

Thanks for the pointer.

It seems like a lot of work to do and much opportunity for it to be
done inconsistently from application to application. This shim layer
will have to be inserted into every application from ping on up.

But it looks like there's a library ( http://www.gnu.org/software/libidn/ )
that is quite popular, so there is hope for a single point of management
where such things as this Mozilla whitelist need to be updated.

The less headaches there are with support cases where users can't see
decoded IDNs when they should or can see decoded IDNs when it might be
dangerous, due to out of date whitelists, the better.

-Phil



More information about the NANOG mailing list