Re: Partitioning the spoofing IDN problem

From: Patrick Andries (patrick.andries@xcential.com)
Date: Sat Feb 12 2005 - 17:39:11 CST

  • Next message: Patrick Andries: "Re: Partitioning the spoofing IDN problem"

    Adam Twardoch a écrit :

    > From: "Patrick Andries" <patrick.andries@xcential.com>
    >
    >> In my mind, mixed scripts are suspicious (Basic Latin needed for the
    >> ".com" and such is IMO script-neutral), but unmixed scripts (even
    >> foreign) are perfectly okay if the user has mentioned that he can
    >> read a language using that script. What could be needed then is some
    >> logic to identify the scripts used in the domain name and link them
    >> to languages.
    >
    >
    > I agree:

    [...]

    >
    > 2. Browsers should always warn about mixed-script URLs. Even if such
    > domains may be valid from the IDN point of view, if the major browsers
    > warn about them, people would be discouraged from registering such
    > names for legitimate purposes (which is a negligible problem) and
    > spoofing would be made more difficult.

    [PA] I also think that implementing such warning for mixed-script URL
    (IDN) would help simplify the spoofing problem and limit the confusable
    character list anyone would maintain : only the confusable characters
    within a script (and the generic characters such as basic a-z Latin,
    digest and ponctuation) would have to be considered, not all characters
    looking like a V and E across all scripts for example (Tifinagh is a new
    one for example).

    P. A.



    This archive was generated by hypermail 2.1.5 : Sat Feb 12 2005 - 17:41:23 CST