identical-glyph homographs (was Re: Mozilla Implements TLD Whitelist...)
Todd Vierling
tv at duh.org
Thu Jul 28 20:55:05 UTC 2005
On Thu, 28 Jul 2005, Florian Weimer wrote:
> > Yes, it's recognized by Mozilla and others as the job of the Internet
> > Architecture Board (in particular, the IAB-IDN group) to make a final
> > decision on how to deal with homographs.
>
> Homographs are a classical example of a PR attack. It's a complete
> non-issue. In practice, people don't use domain names to assess the
> credibility of web sites. 1/l/I and 0/O are homographs as well, and
> the Internet hasn't collapsed as a result.
English-speaking folks actually do often notice the difference between 1/l/I
and 0/O, partly because they're usually (in browsers) lower case -- hence
1/l/i and 0/o (while 1/l is still close, the users are trained by years to
know the difference). It's an implicit Turing-test factor based on
linguistic experience.
Homographs where the glyphs are almost or completely identical, but
completely different code points, is where this *really* breaks down. There
are several sets of glyphs that can mimic nearly all of the Latin alphabet
-- and in most fonts, looks *identical* to the Latin glyphs (some fonts
simply remap to use the Latin glyph's data).
Unfortunately, Pine isn't really a UTF-8 mailer, or I'd demonstrate on list
for you. However, if you have a UTF-capable browser (chances are, you do),
the following should demonstrate identical-glyph homographs nicely.
http://www.duh.org/homographs.cgi
(Hint: In each group of three lines, the strings of characters are NOT
identical, regardless of what your eyes may tell you.)
--
-- Todd Vierling <tv at duh.org> <tv at pobox.com> <todd at vierling.name>
More information about the NANOG
mailing list