From: Peter Kirk (peterkirk@qaya.org)
Date: Mon Feb 21 2005 - 05:10:02 CST
On 20/02/2005 01:37, Erik van der Poel wrote:
> ...
>
>> All that this shows is that there is no easy answer to the spoofing
>> problem. At least, a simplistic ban on mixed scripts doesn't work. A
>> confusables mapping might provide a solution, but I have seen no good
>> suggestions on how this might be presented to an end user.
>
>
> I have high hopes for Neil Harris' algorithm, involving looking for
> strings that consist entirely of homographs, within a context where
> those would not be expected. The feedback to the user could be to
> simply leave those domain names in Punycode form. Hopefully, the user
> will look at the domain name before typing in a credit card number.
>
A good algorithm would certainly help. But presenting Punycode versions
to the user would not. In fact it would be counter-productive in a
Cyrillic environment, because an all-ASCII spoof (e.g. pycckoe.ru) of a
genuine Cyrillic name would appear unchanged in Punycode and so look
like the real thing, whereas the real thing would become unreadable
Punycode.
-- Peter Kirk peter@qaya.org (personal) peterkirk@qaya.org (work) http://www.qaya.org/
This archive was generated by hypermail 2.1.5 : Mon Feb 21 2005 - 05:11:35 CST
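
The case raised in the message above, as an added example that is not part of the original thread: it applies a "display in Punycode" policy to a genuine Cyrillic name and to its all-ASCII lookalike, then checks the ASCII label against a lookalike table in the reverse direction. The function names are hypothetical and the lookalike table is a small constructed subset, not a full confusables mapping.

```python
# Added illustration. Function names and the lookalike table are assumptions,
# not taken from the thread or from any published confusables data.

# Constructed subset: Latin letters that resemble Cyrillic letters in common fonts.
LATIN_TO_CYRILLIC = {
    "a": "а", "c": "с", "e": "е", "k": "к",
    "o": "о", "p": "р", "x": "х", "y": "у",
}


def punycode_display(domain: str) -> str:
    """Return what a 'show the name in Punycode' policy would put on screen."""
    return domain.encode("idna").decode("ascii")


def cyrillic_reading(label: str):
    """If an ASCII label consists only of Cyrillic lookalikes, return the
    Cyrillic string it imitates; otherwise return None."""
    label = label.lower()
    if not label or not label.isascii():
        return None
    if all(ch in LATIN_TO_CYRILLIC for ch in label):
        return "".join(LATIN_TO_CYRILLIC[ch] for ch in label)
    return None


def review(domain: str, cyrillic_context: bool = True) -> dict:
    """Compare the Punycode display with a context-aware homograph check."""
    shown = punycode_display(domain)
    first_label = domain.split(".")[0]
    imitates = cyrillic_reading(first_label) if cyrillic_context else None
    return {
        "domain": domain,
        "shown_as": shown,
        "display_changed": shown != domain,  # True only for non-ASCII names
        "imitates": imitates,                # set only for all-lookalike ASCII labels
    }


if __name__ == "__main__":
    # Constructed sample names: the genuine Cyrillic form, the ASCII spoof
    # from the message, and an ordinary ASCII name for contrast.
    for name in ["русское.ru", "pycckoe.ru", "example.ru"]:
        print(review(name))
```

The Punycode display changes only the genuine name, while the reverse lookalike check flags only the ASCII spoof.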