From: Simon Josefsson (jas@extundo.com)
Date: Mon Feb 14 2005 - 09:51:57 CST
Mark Leisher <mleisher@crl.NMSU.Edu> writes:
> Adam Twardoch wrote:
>> From: "Mark Leisher" <mleisher@crl.NMSU.Edu>
>>
>>> The first time a URL is seen, provide a drop-down list of
>>> homographic variants to choose from and let the user determine the
>>> valid version. The chosen form is then used by default from then
>>> on.
>> Demanding from the user that he/she needs to know and understand the
>> difference between the Kurdish Q and the English Q is defintiely
>> asking WAY too much from the user.
>
> Users looking at the punycode forms of the homographic variants won't have a
> problem distinguishing between the two.
>
> Of course this doesn't really solve the problem. Only simple differences are
> going to be clear to an average user looking at punycode encoded URL's.
I believe that users should ideally never be exposed to the punycode
representation. Solving phishing issues by violating user interface
requirements rarely fly, in my experience.
It seems inevitable that some user education on this issue will be
required, though, since the problem appear to be mostly human-related,
and not technical.
Thanks,
Simon
This archive was generated by hypermail 2.1.5 : Mon Feb 14 2005 - 09:53:01 CST