Dear RIPE: Please don't encourage phishing

• Previous message (by thread): Dear RIPE: Please don't encourage phishing
• Next message (by thread): Dear RIPE: Please don't encourage phishing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/02/12 00:09, Masataka Ohta wrote:
> Neil Harris wrote:
>
>> Techniques to deal with this sort of spoofing already exist: see
>>
>> http://www.mozilla.org/projects/security/tld-idn-policy-list.html
> It does not make sense that .COM allows Cyrillic characters:
>
> http://www.iana.org/domains/idn-tables/tables/com_cyrl_1.0.html
>
> i script of a domain name is Cyrillic.
>
> Domain names do not have such property as script.
>
> Is the following domain name:
>
> 	CCC.COM
>
> Latin or Cyrillic?
>
>> for one quite effective approach.
> The only reasonable thing to do is to disable so called
> IDN.
>
> 					Masataka Ohta
>
> PS
>
> Isn't it obvious from the page you referred that IDN is
> not internationalization but an uncoordinated
> collection of poor localizations?
>

I'm not a flag-waver for IDN, so much as a proponent of ways to make IDN
safer, given that it already exists.

Lots of people have thought about this quite carefully. See RFC 4290 for
a technical discussion of the thinking behind this policy, and RFC 5992
for a policy mechanism designed to resolve the problem you raised in
your example above.

You will notice that the .com domain does not appear on the Mozilla IDN
whitelist.

-- N.

• Previous message (by thread): Dear RIPE: Please don't encourage phishing
• Next message (by thread): Dear RIPE: Please don't encourage phishing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]