Re: Attack vectors through Unassigned Code Points in IDN

From: John H. Jenkins (jenkins@apple.com)
Date: Wed Mar 18 2009 - 12:42:59 CST

  • Next message: Kenneth Whistler: "Re: Attack vectors through Unassigned Code Points in IDN"

    On Mar 17, 2009, at 11:05 PM, Chris Weber wrote:

    > In Iím reading RFC 3491 correctly, then IDNA allows for unassigned
    > code points to exist in strings and domain names. This makes
    > spoofing attacks possible when one these code points donít have
    > associated glyphs and basically show up as white space.

    If a system has no font that will cover a certain character, it should
    not be showing white space. Typically you'll see boxes of some sort,
    which is the better thing to do, as it lets the user know that there's
    something there.

    =====
    John H. Jenkins
    jenkins@apple.com



    This archive was generated by hypermail 2.1.5 : Wed Mar 18 2009 - 12:44:34 CST