Re: IDN problem.... :(

Date: Sun Feb 13 2005 - 04:47:51 CST

  • Next message: Michael Everson: "Re: IDN problem.... :("

    Quoting "Mark E. Shoulson" <>:

    > Mark Leisher wrote:
    > > The first time a URL is seen, provide a drop-down list of homographic
    > > variants to choose from and let the user determine the valid version.
    > > The chosen form is then used by default from then on.
    > Um, this is actually a very *good* idea, I think. If I'm about to click
    > on "" and my browser shows me (on the status line, where I
    > always look, or else in a tooltip) that I'm about to go to
    >, that probably is a pretty good warning. It won't be
    > perfect, and won't catch, say, using non-Latin characters from one
    > script to spoof those in another non-Latin, but even if people know
    > little about Punycode, they ought to be able to see that the URL doesn't
    > look right.

    I fear that all of these ideas for issuing warnings or marking the
    dubious constructs in some browser status region are only going to
    be of help to the small percentage of people who are savvy enough
    to understand the problem. The vast majority of users disable/click
    through a sea of warnings either through ignorance, a low security
    stance or because some more technical person told them to ignore it.

    Thus the great penetration of malware, spam and non-IDN phishing


    This archive was generated by hypermail 2.1.5 : Sun Feb 13 2005 - 04:48:56 CST