Dear RIPE: Please don't encourage phishing

Sven Olaf Kamphuis sven at cb3rob.net
Sun Feb 12 03:34:58 UTC 2012


yes, domain names that cannot be typed in with any keyboard/charset on any 
computer out there, excellent idea, devide and conquerer, i wonder who 
came up with that idiotic plan again, probably the ITU or one of their 
infiltrants in icann.

how about, we simply don't code any software or adjust any platforms to 
support it, if nobody uses it, no problem :P

(or just deliberately break it as its nothing more than a "devide and 
conquerer" attempt of the UN anyway ;)

On Sun, 12 Feb 2012, Neil Harris wrote:

> On 12/02/12 00:09, Masataka Ohta wrote:
>> Neil Harris wrote:
>>
>>> Techniques to deal with this sort of spoofing already exist: see
>>>
>>> http://www.mozilla.org/projects/security/tld-idn-policy-list.html
>> It does not make sense that .COM allows Cyrillic characters:
>>
>> http://www.iana.org/domains/idn-tables/tables/com_cyrl_1.0.html
>>
>> i script of a domain name is Cyrillic.
>>
>> Domain names do not have such property as script.
>>
>> Is the following domain name:
>>
>> 	CCC.COM
>>
>> Latin or Cyrillic?
>>
>>> for one quite effective approach.
>> The only reasonable thing to do is to disable so called
>> IDN.
>>
>> 					Masataka Ohta
>>
>> PS
>>
>> Isn't it obvious from the page you referred that IDN is
>> not internationalization but an uncoordinated
>> collection of poor localizations?
>>
>
> I'm not a flag-waver for IDN, so much as a proponent of ways to make IDN
> safer, given that it already exists.
>
> Lots of people have thought about this quite carefully. See RFC 4290 for
> a technical discussion of the thinking behind this policy, and RFC 5992
> for a policy mechanism designed to resolve the problem you raised in
> your example above.
>
> You will notice that the .com domain does not appear on the Mozilla IDN
> whitelist.
>
> -- N.
>
>
>
>




More information about the NANOG mailing list