From: Addison Phillips [wM] (aphillips@webmethods.com)
Date: Thu Feb 10 2005 - 19:17:54 CST
> Nah. It's poor design of IDN. They should have disallowed mixing
> characters
> from different scripts in one URL. It wouldn't have ruled out all of the
> problems, but most of them.
I disagree. There are plenty of cases in which scripts are mixed naturally in languages that use non-Latin scripts. For example, many languages use the Latin digits in preference to native script digits. Should we allow the Latin digits into a non-ASCII domain name? Oh, the slippery slope...
For that matter, I can construct a perfect "paypal" string using ONLY Cyrillic letters. Restrictions to one script doesn't prevent the homograph attack. It just requires one to be more clever.
U+0440 U+0430 U+0443 U+0440 U+0430 U+04C0 looks just as good in my browser...
Addison
Addison P. Phillips
Director, Globalization Architecture
http://www.webMethods.com
Chair, W3C Internationalization Core Working Group
http://www.w3.org/International
Internationalization is an architecture.
It is not a feature.
> -----Original Message-----
> From: unicode-bounce@unicode.org
> [mailto:unicode-bounce@unicode.org]On Behalf Of Adam Twardoch
> Sent: 2005年2月10日 16:27
> To: John Hudson; John Burger
> Cc: www-international@w3.org; Unicode Mailing List
> Subject: Re: IDN problem.... :(
>
>
>
> ----- Original Message -----
> From: "John Hudson" <tiro@tiro.com>
>
> > The security issue is simply due to the fact that some characters
> > typically look identical to other characters. So change the appearance.
>
> Nah. It's poor design of IDN. They should have disallowed mixing
> characters
> from different scripts in one URL. It wouldn't have ruled out all of the
> problems, but most of them.
>
> A.
>
>
This archive was generated by hypermail 2.1.5 : Thu Feb 10 2005 - 19:21:43 CST