Re: Dear RIPE: Please don't encourage phishing

[Masataka Ohta <mohta () necom830 hpcl titech ac jp>]

Valdis.Kletnieks () vt edu wrote:

> Doesn't actually matter, because the .ua registry isn't allowing Greek Gamma
> or Latin-E-with-diaresis, in domain names.

Such local conventions have nothing to do with internationalization.

> But quite frankly,
> turning off IDN doesn't fix that problem - greekbank.gr is spoofable
> by greekbank.ua and greekbank.com.

The problem is greekbank.gr is spoofable as greekbank.gr.

> > Is a Russian word containing no unique (unique to ASCII)
> > Cyrillic characters encoded as Latin character using ASCII,
> > even though a Russian word containing unique (whatever unique
> > means) Cyrillic character encoded as Cyrillic characters?
>
> No, it means you get to pick 'all-latin-chars.ua' or 'all-cyrillic-chars.ua'.
> And due to the requirement that a cyrillic name have a special char
> in it, you can's spoof an all-latin-chars.ua name.

That "a cyrillic name have a special char in it" makes it
impossible to have a Cyrillic representation of an Ukrainian
word containing no special chars and is impractical.

> > The only protection is to disable IDN.
>
> You also have to ban the use of numbers in domain names, because you
> need to prevent people being tricked by micros0ft.com and m1crosoft.com.

No, the simple solution against such a simple problem is to
use proper font, because all the people know that '0' and 'o'
are different characters and treat them differently.

                                                Masataka Ohta