Re: Unicode and Security

From: John H. Jenkins (jenkins@apple.com)
Date: Wed Feb 06 2002 - 13:54:25 EST


On Wednesday, February 6, 2002, at 11:12 AM, Lars Kristan wrote:

> Maybe digitally signed messages and bank accounts are not that good of an
> example, since people would be more careful there. Another case where this
> may get exploited will be domain names, once Unicode is allowed there. While
> www.example.com may be a company I trust, www.example.com with a Cyrillic
> 'a' in it may be a hacker (and no, I did not imply he/she would be from a
> country that uses Cyrillic) trying to get me to visit the site.
>

Right, but what happens right now is that people are typing things like
www.whitehouse.com instead of www.whitehouse.gov (or, for that matter,
www.unicode.com). How likely is it that someone will accidentally type
www.sаmple.com instead of www.sample.com?

The original focus was on digital signatures, and I still don't get the
objection. Because I don't know *precisely* what bytes Microsoft Word or
Adobe Acrobat use, do I refuse to sign documents they create? Is that the
idea? I mean, good heavens, I don't even know *precisely* what bytes
Mail.app is going to use for this email. Should I refuse to sign it?

==========
John H. Jenkins
jenkins@apple.com
jenkins@mac.com
http://homepage.mac.com/jenkins/
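
Added example, not part of the original message or thread: a defender-side check for the look-alike hostname case discussed above, flagging any label that mixes scripts and showing the ASCII form that actually goes on the wire. The function names and sample hostnames are constructed for illustration, and script detection is approximated from Unicode character names.

```python
import unicodedata

# Constructed samples: the second label of SPOOF contains U+0430
# (CYRILLIC SMALL LETTER A) in place of the Latin "a".
LEGIT = "www.sample.com"
SPOOF = "www.s\u0430mple.com"


def char_script(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits and hyphen are shared
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"


def audit_hostname(host):
    """Return one record per label: text, ASCII (IDNA) form, scripts, mixed flag."""
    report = []
    for label in host.split("."):
        scripts = sorted({s for s in map(char_script, label) if s != "COMMON"})
        report.append({
            "label": label,
            # Python's built-in "idna" codec (IDNA 2003) yields the xn-- form.
            "ascii": label.encode("idna").decode("ascii"),
            "scripts": scripts,
            "mixed": len(scripts) > 1,
        })
    return report


def is_suspicious(host):
    """True when any single label mixes letters from more than one script."""
    return any(rec["mixed"] for rec in audit_hostname(host))


if __name__ == "__main__":
    for host in (LEGIT, SPOOF):
        print(host, "-> suspicious" if is_suspicious(host) else "-> ok")
        for rec in audit_hostname(host):
            print("   ", rec["ascii"], rec["scripts"])
```

A mixed-script test only catches labels like the one above; a label written entirely in one non-Latin script passes it and needs a separate confusables comparison.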


