From: gpw@uniserve.com
Date: Sun Feb 13 2005 - 04:47:51 CST

Quoting "Mark E. Shoulson" <mark@kli.org>:
> Mark Leisher wrote:
>
> > The first time a URL is seen, provide a drop-down list of homographic
> > variants to choose from and let the user determine the valid version.
> > The chosen form is then used by default from then on.
>
> Um, this is actually a very *good* idea, I think. If I'm about to click
> on "paypal.com" and my browser shows me (on the status line, where I
> always look, or else in a tooltip) that I'm about to go to
> xn--paypl-7ve.com, that probably is a pretty good warning. It won't be
> perfect, and won't catch, say, using non-Latin characters from one
> script to spoof those in another non-Latin, but even if people know
> little about Punycode, they ought to be able to see that the URL doesn't
> look right.

I fear that all of these ideas for issuing warnings or marking the
dubious constructs in some browser status region are only going to
be of help to the small percentage of people who are savvy enough
to understand the problem. The vast majority of users disable/click
through a sea of warnings either through ignorance, a low security
stance or because some more technical person told them to ignore it.
Thus the great penetration of malware, spam and non-IDN phishing
scams.

Geoffrey
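
Added example, not part of the original message or of any browser's code: a sketch of the check discussed in the thread, converting a hostname to the ASCII (Punycode) form a status line could display and flagging labels that mix scripts. The function names and sample hostnames are constructed for illustration, and script detection from Unicode character names is an approximation.

```python
import unicodedata

def to_ace(hostname):
    """Return the ASCII-compatible (Punycode) form of each label."""
    out = []
    for label in hostname.lower().split("."):
        if label.isascii():
            out.append(label)  # plain ASCII labels are shown unchanged
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)

def scripts(label):
    """Approximate the scripts used in a label.

    The standard library exposes no Script property, so the first word of
    each letter's Unicode name (LATIN, CYRILLIC, GREEK, ...) stands in.
    """
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def review(hostname):
    """Summarise what a client could surface before following a link."""
    host = hostname.lower()
    ace = to_ace(host)
    mixed = [l for l in host.split(".") if len(scripts(l)) > 1]
    return {"ace": ace, "non_ascii": ace != host, "mixed_script_labels": mixed}

# Constructed samples.
SPOOF = "payp\u0430l.com"          # U+0430 CYRILLIC SMALL LETTER A in a Latin label
WHOLE = "\u0440\u0430\u0443.com"   # label written entirely in Cyrillic letters

if __name__ == "__main__":
    for host in ("paypal.com", SPOOF, WHOLE):
        print(repr(host), review(host))
```

The all-Cyrillic sample passes the mixed-script test, which is the gap noted in the quoted text: only the `xn--` display distinguishes it, and only for a reader who looks.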