Re: IDN problem.... :(

From: Neil Harris (neil@tonal.clara.co.uk)
Date: Fri Feb 11 2005 - 17:45:57 CST

Next message: Karl Pentzlin: "Re[2]: IDN problem.... :("

Previous message: Oliver Christ: "RE: IDN problem.... :("
In reply to: Doug Ewell: "Re: IDN problem.... :("
Next in thread: Doug Ewell: "Re: IDN problem.... :("
Reply: Doug Ewell: "Re: IDN problem.... :("
Reply: Timothy Partridge: "Re: IDN problem.... :("
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Mail actions: [ respond to this message ] [ mail a new topic ]

Doug Ewell wrote:

>D. Starner <shalesller at writeme dot com> wrote:
>
>
>
>>>But it can work "both ways". Someone could spoof a brand-new Cherokee
>>>banking site, ᏣᎳᎩ.com, with GWУ.com. Perhaps "Domain name is not in
>>>the script used by your computer operating system."
>>>
>>>
>>And how many Cherokee are actually using an OS translated into
>>Cherokee? I doubt there is such a thing, and have seen no efforts on
>>Linux i18n lists to start it.
>>
>>
>
>Curtis's point may have been that non-Latin letters can be spoofed with
>Latin letters, not merely the other way around as we usually think of
>it.
>
>For a more realistic example, imagine a hypothetical Russian site,
>русский.com. Now imagine any or all of the first four letters replaced
>with Latin p or y or c.
>
>My question is, suppose I *want* to visit русский.com? Perhaps my
>browser should alert me, but it must not prevent me from visiting the
>site.
>
>-Doug Ewell
> Fullerton, California
> http://users.adelphia.net/~dewell/
>
>
>
But why would anyone, want to register that half-Latin, half-Cyrillic
mess of a broken label, when the all-Cyrillic label would make more
sense to register, unless they had a dubious motive for doing so? And,
if the registrars actually played by the _existing_ IANA rules, none of
them would let it be registered in any case.

I would like to believe that in a properly-run IDN world, registering a
label like that would be the equivalent of registering an incorrectly
normalized Punycoded label. Yes, in some sense it might be technically
possible to not care about normalization forms, but in practice they are
there for a good reason, even though they represent a reduction in the
overall space of possible labels. Similarly, I think that the IANA/IETF
community are going to have to enforce some more restrictions on labels
if the IDN universe to make IDN safer to deploy, to prevent it from
being Balkanized into a locked-down old-ASCII world and a world of
second-class spoofable IDN domains.

-- Neil

Next message: Karl Pentzlin: "Re[2]: IDN problem.... :("
Previous message: Oliver Christ: "RE: IDN problem.... :("
In reply to: Doug Ewell: "Re: IDN problem.... :("
Next in thread: Doug Ewell: "Re: IDN problem.... :("
Reply: Doug Ewell: "Re: IDN problem.... :("
Reply: Timothy Partridge: "Re: IDN problem.... :("
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.5 : Fri Feb 11 2005 - 17:46:45 CST