Re: [idn] IDN spoofing

From: Doug Ewell (
Date: Sat Feb 19 2005 - 17:42:17 CST

  • Next message: Peter Kirk: "Re: orthographies"

    Erik van der Poel <erik at vanderpoel dot org> wrote:

    >> This is one of those problems for which
    >> a partial solution simply isn't good enough.
    > Maybe this is one of those problems for which *no* solution simply
    > isn't good enough?


    > I mean, I'll start with the Arial font found in Windows. Isn't it true
    > that its cmap maps some characters to the same glyph index?

    I wouldn't know. Maybe one of the font guys does.

    > ... I'll point out that Michel Suignard himself
    > (long-time Unicoder) already admitted that:
    > ...
    > # Unicode contains many latin homographs in the Cyrillic block exactly
    > # for that reason, to avoid mixing the two scripts in a single word...
    > ...
    > Am I now going to see some senior Unicoders try to backpedal on these
    > comments? :-)

    I doubt it. Having Cyrillic text be all-Cyrillic and not
    Cyrillic-mixed-with-Latin is a good thing. Being able to surf to the
    Web site you expect and not to some spoofed variant is also a good
    thing. Reconciling these two is not necessarily an easy thing.

    > Well, PayPal will notice that some or all of them are just there to
    > start this very discussion, and hopefully won't sue those poor
    > engineers...

    Some PayPal people (say that five times fast) will probably resent the
    fact that PayPal was chosen as an example. Others, probably more
    astute, will see it as a testament to their high profile and success.

    > Finally, am I answering my own questions? :-)

    Maybe, but at least they're being asked.

    -Doug Ewell
     Fullerton, California

    This archive was generated by hypermail 2.1.5 : Sat Feb 19 2005 - 17:45:26 CST