Dear RIPE: Please don't encourage phishing
Joel jaeggli
joelja at bogus.com
Sun Feb 12 06:57:36 UTC 2012
On 2/11/12 19:34 , Sven Olaf Kamphuis wrote:
> yes, domain names that cannot be typed in with any keyboard/charset on
> any computer out there, excellent idea, devide and conquerer, i wonder
> who came up with that idiotic plan again, probably the ITU or one of
> their infiltrants in icann.
If it's worth shoveling blame indiscriminately it's worth informing
yourself a little about the timeline and the actors involved.
http://en.wikipedia.org/wiki/Internationalized_domain_name
> how about, we simply don't code any software or adjust any platforms to
> support it, if nobody uses it, no problem :P
>
> (or just deliberately break it as its nothing more than a "devide and
> conquerer" attempt of the UN anyway ;)
>
> On Sun, 12 Feb 2012, Neil Harris wrote:
>
>> On 12/02/12 00:09, Masataka Ohta wrote:
>>> Neil Harris wrote:
>>>
>>>> Techniques to deal with this sort of spoofing already exist: see
>>>>
>>>> http://www.mozilla.org/projects/security/tld-idn-policy-list.html
>>> It does not make sense that .COM allows Cyrillic characters:
>>>
>>> http://www.iana.org/domains/idn-tables/tables/com_cyrl_1.0.html
>>>
>>> i script of a domain name is Cyrillic.
>>>
>>> Domain names do not have such property as script.
>>>
>>> Is the following domain name:
>>>
>>> CCC.COM
>>>
>>> Latin or Cyrillic?
>>>
>>>> for one quite effective approach.
>>> The only reasonable thing to do is to disable so called
>>> IDN.
>>>
>>> Masataka Ohta
>>>
>>> PS
>>>
>>> Isn't it obvious from the page you referred that IDN is
>>> not internationalization but an uncoordinated
>>> collection of poor localizations?
>>>
>>
>> I'm not a flag-waver for IDN, so much as a proponent of ways to make IDN
>> safer, given that it already exists.
>>
>> Lots of people have thought about this quite carefully. See RFC 4290 for
>> a technical discussion of the thinking behind this policy, and RFC 5992
>> for a policy mechanism designed to resolve the problem you raised in
>> your example above.
>>
>> You will notice that the .com domain does not appear on the Mozilla IDN
>> whitelist.
>>
>> -- N.
>>
>>
>>
>>
>
More information about the NANOG
mailing list