Re: Dear RIPE: Please don't encourage phishing

[Sven Olaf Kamphuis <sven () cb3rob net>]

as if it wasn't annoying enough already that some n00bs are using URI's 
with characters you can't type in (and in most cases don't even display 
correctly), icann has a better idea! hostnames you can't type in!

all those struggeling regimes that want to keep local control over our 
internets are gonna be so proud of them :P

(and that despite the fact that it's perfectly well possible to write -any 
language out there- in the first 7 bits of ascii)

yay, a step back in time, everyone back to their cave and write on the 
wall with a piece of stone in characters nobody can read!

so far for progress...

we used to develop stuff so that people could communicate with one 
another, whatever went wrong, when did it move to "preventing people from 
communicating with one another"...

i don't have keyboards with a million or so keys on it, do you?

and no, i don't know the alt-codes for weird russian or japanese crap.

if we wanted local shit only, we could just have stuck with tv and radio 
and telephones and fax machines.

so; we're not implementing any of that, we'll deliberately make any 
software we produce go nuts on it and cause errors all over the place, and 
we strongly urge any nerd out there to do exactly the same.


On Sun, 12 Feb 2012, Neil Harris wrote:

> On 12/02/12 00:09, Masataka Ohta wrote:
> > Neil Harris wrote:
> >
> > > Techniques to deal with this sort of spoofing already exist: see
> > >
> > > http://www.mozilla.org/projects/security/tld-idn-policy-list.html
> > It does not make sense that .COM allows Cyrillic characters:
> >
> > http://www.iana.org/domains/idn-tables/tables/com_cyrl_1.0.html
> >
> > i script of a domain name is Cyrillic.
> >
> > Domain names do not have such property as script.
> >
> > Is the following domain name:
> >
> >         CCC.COM
> >
> > Latin or Cyrillic?
> >
> > > for one quite effective approach.
> > The only reasonable thing to do is to disable so called
> > IDN.
> >
> >                                         Masataka Ohta
> >
> > PS
> >
> > Isn't it obvious from the page you referred that IDN is
> > not internationalization but an uncoordinated
> > collection of poor localizations?
>
> I'm not a flag-waver for IDN, so much as a proponent of ways to make IDN
> safer, given that it already exists.
>
> Lots of people have thought about this quite carefully. See RFC 4290 for
> a technical discussion of the thinking behind this policy, and RFC 5992
> for a policy mechanism designed to resolve the problem you raised in
> your example above.
>
> You will notice that the .com domain does not appear on the Mozilla IDN
> whitelist.
>
> -- N.