Dear RIPE: Please don't encourage phishing
mohta at necom830.hpcl.titech.ac.jp
Sun Feb 12 07:59:36 UTC 2012
Valdis.Kletnieks at vt.edu wrote:
> Doesn't actually matter, because the .ua registry isn't allowing Greek Gamma
> or Latin-E-with-diaresis, in domain names.
Such local conventions have nothing to do with internationalization.
> But quite frankly,
> turning off IDN doesn't fix that problem - greekbank.gr is spoofable
> by greekbank.ua and greekbank.com.
The problem is greekbank.gr is spoofable as greekbank.gr.
>> Is a Russian word containing no unique (unique to ASCII)
>> Cyrillic characters encoded as Latin character using ASCII,
>> even though a Russian word containing unique (whatever unique
>> means) Cyrillic character encoded as Cyrillic characters?
> No, it means you get to pick 'all-latin-chars.ua' or 'all-cyrillic-chars.ua'.
> And due to the requirement that a cyrillic name have a special char
> in it, you can's spoof an all-latin-chars.ua name.
That "a cyrillic name have a special char in it" makes it
impossible to have a Cyrillic representation of an Ukrainian
word containing no special chars and is impractical.
>> The only protection is to disable IDN.
> You also have to ban the use of numbers in domain names, because you
> need to prevent people being tricked by micros0ft.com and m1crosoft.com.
No, the simple solution against such a simple problem is to
use proper font, because all the people know that '0' and 'o'
are different characters and treat them differently.
More information about the NANOG