Re: [idn] IDN spoofing

From: William Tan (wil@dready.org)
Date: Mon Feb 21 2005 - 15:51:32 CST

  • Next message: Doug Ewell: "Re: [idn] IDN spoofing"

    Erik van der Poel wrote:

    > If the lookalike mapping is not set in stone at the protocol level
    > (i.e. embedded in the app), then the registry will have to activate
    > *all* the variants, otherwise the app will not be able to look up all
    > of them. No?

    For many variants, it's good enough to block them from being registered
    by phishers. One wouldn't expect the users to type in "coca-co1a.com"
    (with latin "1" instead of "l"), right?

    > Alternatively, you could embed each registry's lookalike mapping table
    > into the app and just activate one of the variants. I feel like I'm
    > missing something...
    >
    That wouldn't be a good idea, for reasons that John explained in an
    earlier mail about blacklists.

    wil.



    This archive was generated by hypermail 2.1.5 : Mon Feb 21 2005 - 15:52:28 CST