Re: [idn] IDN spoofing

From: Erik van der Poel (erik@vanderpoel.org)
Date: Mon Feb 21 2005 - 14:03:40 CST


    Hans Aberg wrote:
    > Sure you can change it: One can make the equivalence classes smaller,
    > whenever one wants.

    As a mathematician, one might be inclined to think that way. But here,
    we're not talking about theoretical mathematics. We're talking about
    network engineering. A totally different way of thinking.

    You can't just change the mapping whenever you want because there are
    many (client and server) installations out there that can't be changed
    overnight (what is known in network parlance as a "flag day").

    For example, even if a registry were to change their mapping, go through
    their entire database, and delete the names that are determined to be
    duplicates (however one might accomplish that), there will be people
    with the old version of the app, which uses the old mapping, and will
    not be able to find the name (since it has been deleted).

    Now, this might be a good thing if the name is an evil spoof, but what
    about innocent registrations? What if two separate parties have an
    equally legitimate claim on a particular name? This happens a lot in the
    ASCII DNS, and basically, whoever got there first (or is willing to pay
    a lot of money) wins.

    One way to continue to support these innocent duplicates is to use a
    different prefix (i.e. something other than xn--) in the new mapping,
    and keep the old names (with the old prefix) in the database (instead of
    deleting them). This way, the old clients continue to find the old
    innocent names.

    But what about the new clients? Now they will suddenly end up on a
    different Web site when the user clicks on a link. I suppose the user
    will just have to update their client, or the domain name owner will
    have to register a different name and update all the Web pages to point
    to the different name (assuming that they even have control over *all*
    of the Web pages that might contain a link to their site).

    And so on. Do you get it now? You can't just change the mapping
    "whenever" you want. If you do this at all, you do it as few times as
    possible.

    Now, you may point out that we are just getting started with IDN and
    that not very many names have been registered (and I may even agree with
    you), but it would still take a while to come up with a better mapping
    (and reach consensus on it -- shudder), and in the meantime, more names
    would be registered.

    And this still would not negate my main point, which is that you can't
    do this "whenever" you want.

    Erik
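
The two migration options weighed in the message above, as an added example that is not part of the original post. The old mapping is Python's standard-library IDNA2003 codec; the extra folding rule, the `zz--` prefix, the names and the owners are all constructed assumptions.

```python
# Added illustration: constructed names, hypothetical new mapping and prefix.
NEW_PREFIX = "zz--"                       # hypothetical; the old prefix is xn--
FOLD = str.maketrans("\u03bf", "\u043e")  # hypothetical rule: Greek omicron -> Cyrillic o

def old_ace(name):
    """Label an old client sends: stdlib IDNA2003 (nameprep + punycode, xn--)."""
    return name.encode("idna").decode("ascii")

def new_ace(name):
    """Label a new client sends: extra folding, then punycode under the new prefix."""
    return NEW_PREFIX + name.translate(FOLD).encode("punycode").decode("ascii")

# Constructed registrations in arrival order: (Unicode label, owner).
FIRST = "\u0441\u043e\u043b\u043e"    # all Cyrillic
SECOND = "\u0441\u03bf\u043b\u043e"   # looks the same, but contains one Greek omicron
REGISTRATIONS = [(FIRST, "site-A"), (SECOND, "site-B")]

def zone_old(regs):
    """Zone as it exists today: every name under its old-mapping label."""
    return {old_ace(name): owner for name, owner in regs}

def zone_after_delete(regs):
    """Option 1: apply the new mapping and delete later duplicates."""
    seen, zone = set(), {}
    for name, owner in regs:
        key = name.translate(FOLD)
        if key not in seen:          # first registrant keeps the name
            seen.add(key)
            zone[old_ace(name)] = owner
    return zone

def zone_with_new_prefix(regs):
    """Option 2: keep all old labels, add new-prefix labels (first registrant wins)."""
    zone = zone_old(regs)
    for name, owner in regs:
        zone.setdefault(new_ace(name), owner)
    return zone

def lookup(zone, ace):
    return zone.get(ace)  # None stands for "name not found"

if __name__ == "__main__":
    deleted = zone_after_delete(REGISTRATIONS)
    print("delete, old client asks for SECOND:", lookup(deleted, old_ace(SECOND)))
    both = zone_with_new_prefix(REGISTRATIONS)
    print("new prefix, old client asks for SECOND:", lookup(both, old_ace(SECOND)))
    print("new prefix, new client asks for SECOND:", lookup(both, new_ace(SECOND)))
```

With deletion, an old client asking for the second name gets nothing back; with the new prefix, old and new clients given the same Unicode name reach different owners.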


