Dear RIPE: Please don't encourage phishing

Masataka Ohta mohta at necom830.hpcl.titech.ac.jp
Sun Feb 12 07:59:36 UTC 2012


Valdis.Kletnieks at vt.edu wrote:

> Doesn't actually matter, because the .ua registry isn't allowing Greek Gamma
> or Latin-E-with-diaeresis in domain names.

Such local conventions have nothing to do with internationalization.

> But quite frankly,
> turning off IDN doesn't fix that problem - greekbank.gr is spoofable
> by greekbank.ua and greekbank.com.

The problem is greekbank.gr is spoofable as greekbank.gr.

>> Is a Russian word containing no unique (unique to ASCII)
>> Cyrillic characters encoded as Latin character using ASCII,
>> even though a Russian word containing unique (whatever unique
>> means) Cyrillic character encoded as Cyrillic characters?
> 
> No, it means you get to pick 'all-latin-chars.ua' or 'all-cyrillic-chars.ua'.
> And due to the requirement that a cyrillic name have a special char
> in it, you can't spoof an all-latin-chars.ua name.

That "a cyrillic name have a special char in it" makes it
impossible to have a Cyrillic representation of a Ukrainian
word containing no special chars and is impractical.

>> The only protection is to disable IDN.
>
> You also have to ban the use of numbers in domain names, because you
> need to prevent people being tricked by micros0ft.com and m1crosoft.com.

No, the simple solution against such a simple problem is to
use a proper font, because all the people know that '0' and 'o'
are different characters and treat them differently.

						Masataka Ohta
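
The registry rule debated in this message (a label is either all-Latin or all-Cyrillic, and a Cyrillic label must contain a character with no Latin lookalike) can be sketched as a registration-time check. This is an added example, not part of the original message or any registry's code; the lookalike set, the function names and the sample labels are assumptions constructed for illustration, and real IDNA processing involves more than this.

```python
import unicodedata

# Constructed, partial set of Cyrillic lowercase letters that render like
# ASCII Latin letters in common fonts (an assumption, not a registry's list):
# a, e, o, r(p), s(c), u(y), kh(x), i, je(j), dze(s)
CYRILLIC_LATIN_LOOKALIKES = set(
    "\u0430\u0435\u043e\u0440\u0441\u0443\u0445\u0456\u0458\u0455"
)

def script_of(ch):
    """Classify one character of a label."""
    if ch in "0123456789-":
        return "NEUTRAL"              # digits and hyphen belong to no script
    if "a" <= ch <= "z":
        return "LATIN"                # ASCII letters only, no diacritics
    if unicodedata.name(ch, "").startswith("CYRILLIC"):
        return "CYRILLIC"
    return "OTHER"                    # Greek, accented Latin, everything else

def check_label(label):
    """Return (accepted, reason) for one domain label under the rule."""
    label = unicodedata.normalize("NFKC", label).lower()
    if not label:
        return (False, "empty label")
    scripts = {script_of(c) for c in label} - {"NEUTRAL"}
    if "OTHER" in scripts:
        return (False, "character outside allowed scripts")
    if scripts <= {"LATIN"}:
        return (True, "all-latin")
    if scripts == {"CYRILLIC"}:
        letters = [c for c in label if script_of(c) == "CYRILLIC"]
        if all(c in CYRILLIC_LATIN_LOOKALIKES for c in letters):
            # The case objected to above: a genuine Cyrillic word can
            # consist entirely of letters that have Latin lookalikes.
            return (False, "cyrillic label has no distinguishing character")
        return (True, "all-cyrillic")
    return (False, "mixed scripts")

if __name__ == "__main__":
    samples = ["greekbank", "micros0ft", "micr\u043esoft",
               "\u0431\u0430\u043d\u043a", "\u0440\u0443\u0445", "b\u00e4nk"]
    for s in samples:
        print(ascii(s), check_label(s))
```

The output shows both sides of the exchange: the Ukrainian word "\u0440\u0443\u0445" is rejected because every letter has a Latin lookalike, while micros0ft passes because a script rule says nothing about digit substitution.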




More information about the NANOG mailing list