Re: [idn] IDN spoofing

From: William Tan (wil@dready.org)
Date: Mon Feb 21 2005 - 15:51:32 CST

Next message: Doug Ewell: "Re: [idn] IDN spoofing"

Previous message: Doug Ewell: "Re: Codepoint Differentiation"
In reply to: Erik van der Poel: "Re: [idn] IDN spoofing"
Next in thread: Hans Aberg: "Re: [idn] IDN spoofing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Mail actions: [ respond to this message ] [ mail a new topic ]

Erik van der Poel wrote:

> If the lookalike mapping is not set in stone at the protocol level
> (i.e. embedded in the app), then the registry will have to activate
> *all* the variants, otherwise the app will not be able to look up all
> of them. No?

For many variants, it's good enough to block them from being registered
by phishers. One wouldn't expect the users to type in "coca-co1a.com"
(with latin "1" instead of "l"), right?

> Alternatively, you could embed each registry's lookalike mapping table
> into the app and just activate one of the variants. I feel like I'm
> missing something...
>
That wouldn't be a good idea, for reasons that John explained in an
earlier mail about blacklists.

wil.

Next message: Doug Ewell: "Re: [idn] IDN spoofing"
Previous message: Doug Ewell: "Re: Codepoint Differentiation"
In reply to: Erik van der Poel: "Re: [idn] IDN spoofing"
Next in thread: Hans Aberg: "Re: [idn] IDN spoofing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.5 : Mon Feb 21 2005 - 15:52:28 CST