Re: [idn] IDN spoofing

From: Erik van der Poel (
Date: Mon Feb 21 2005 - 15:33:13 CST

  • Next message: Doug Ewell: "Re: [idn] IDN spoofing"

    William Tan wrote:
    > As an example, the word "coke" can be represented completely in Cyrillic
    > homographs, so one can generate 16 combinations of ASCII and Cyrillic
    > characters forming strings that look like "coke". When you register
    > "", the other 16 variants are automatically tied to this domain
    > (for free or for a fee). They can be either all activated (put into the
    > zone file) or simply blocked from registration.
    > The good thing about this is that the lookalikes mapping table does not
    > have to be set-in-stone at the protocol level, but individual registries
    > may choose to implement whatever makes sense for them.

    If the lookalike mapping is not set in stone at the protocol level (i.e.
    embedded in the app), then the registry will have to activate *all* the
    variants, otherwise the app will not be able to look up all of them. No?

    Alternatively, you could embed each registry's lookalike mapping table
    into the app and just activate one of the variants. I feel like I'm
    missing something...


    This archive was generated by hypermail 2.1.5 : Mon Feb 21 2005 - 15:34:30 CST