Re: [idn] IDN spoofing

From: Erik van der Poel (
Date: Mon Feb 21 2005 - 14:03:40 CST

  • Next message: Erik van der Poel: "Re: [idn] IDN spoofing"

    Hans Aberg wrote:
    > Sure you can change it: One can make the equivalence classes smaller,
    > whenever one wants.

    As a mathematician, one might be inclined to think that way. But here,
    we're not talking about theoretical mathematics. We're talking about
    network engineering. A totally different way of thinking.

    You can't just change the mapping whenever you want because there are
    many (client and server) installations out there that can't be changed
    overnight (what is known in network parlance as a "flag day").

    For example, even if a registry were to change their mapping, go through
    their entire database, and delete the names that are determined to be
    duplicates (however one might accomplish that), there will be people
    with the old version of the app, which uses the old mapping, and will
    not be able to find the name (since it has been deleted).

    Now, this might be a good thing if the name is an evil spoof, but what
    about innocent registrations? What if two separate parties have an
    equally legitimate claim on a particular name? This happens a lot in the
    ASCII DNS, and basically, whoever got there first (or is willing to pay
    a lot of money) wins.

    One way to continue to support these innocent duplicates is to use a
    different prefix (i.e. something other than xn--) in the new mapping,
    and keep the old names (with the old prefix) in the database (instead of
    deleting them). This way, the old clients continue to find the old
    innocent names.

    But what about the new clients? Now they will suddenly end up on a
    different Web site when the user clicks on a link. I suppose the user
    will just have to update their client, or the domain name owner will
    have to register a different name and update all the Web pages to point
    to the different name (assuming that they even have control over *all*
    of the Web pages that might contain a link to their site).

    And so on. Do you get it now? You can't just change the mapping
    "whenever" you want. If you do this at all, you do it as few times as

    Now, you may point out that we are just getting started with IDN and
    that not very many names have been registered (and I may even agree with
    you), but it would still take a while to come up with a better mapping
    (and reach consensus on it -- shudder), and in the meantime, more names
    would be registered.

    And this still would not negate my main point, which is that you can't
    do this "whenever" you want.


    This archive was generated by hypermail 2.1.5 : Mon Feb 21 2005 - 14:04:58 CST