From: Neil Harris (email@example.com)
Date: Thu Oct 05 2006 - 19:27:42 CST
Philippe Verdy wrote:
> From: "Neil Harris" <firstname.lastname@example.org>
>> UTR #36 and UTR #39 have a very detailed treatment of the all the issues
>> Notice that implementing these constraints on a per-label basis has no
>> bearing at all on script-mixing between different labels in a FQDN,
>> which is not a security problem, and that nothing in the above policy
>> need stop labels from any of a number of different individual character
>> sets from being issued in the same zone, providing care is taken to
>> block or bundle possible collisions.
>> Politics shouldn't be the issue here: individual domain operators and
>> their users should all have a common interest in preventing homograph
>> attacks, and these techniques can work effectively regardless of
>> political issues.
> One problem of this RFC is that the current format for the database of confusables supported as equivalents by a registry is NOT integrated in the DNS so that it can scale widely.
> I would better expect a format that can be integrated completely as DNS records, possibly with a new DNS record type, simple to parse, and where each DNS server may cache reliably by a reference to a authoritative DNS server maintained by the registry (or the domain administrator if this is in a private domain).
Having a reliable way of getting hold of the character set information
for a given domain without needing to rely on a central registry would
be very useful, regardless of whether or not your policy was archived
This archive was generated by hypermail 2.1.5 : Thu Oct 05 2006 - 19:30:20 CST