nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Dear RIPE: Please don't encourage phishing

From: Neil Harris <neil () tonal clara co uk>
Date: Sun, 12 Feb 2012 01:34:17 +0000
On 12/02/12 00:09, Masataka Ohta wrote:

Neil Harris wrote:


Techniques to deal with this sort of spoofing already exist: see

http://www.mozilla.org/projects/security/tld-idn-policy-list.html

It does not make sense that .COM allows Cyrillic characters:

http://www.iana.org/domains/idn-tables/tables/com_cyrl_1.0.html

i script of a domain name is Cyrillic.

Domain names do not have such property as script.

Is the following domain name:

      CCC.COM

Latin or Cyrillic?


for one quite effective approach.

The only reasonable thing to do is to disable so called
IDN.

                                      Masataka Ohta

PS

Isn't it obvious from the page you referred that IDN is
not internationalization but an uncoordinated
collection of poor localizations?



I'm not a flag-waver for IDN, so much as a proponent of ways to make IDN
safer, given that it already exists.

Lots of people have thought about this quite carefully. See RFC 4290 for
a technical discussion of the thinking behind this policy, and RFC 5992
for a policy mechanism designed to resolve the problem you raised in
your example above.

You will notice that the .com domain does not appear on the Mozilla IDN
whitelist.

-- N.
Previous By Date Next
Previous By Thread Next

Current thread: