[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] IDN security and ACE leakage

To: "Soobok Lee" <lsb@postel.co.kr>, <idn@ops.ietf.org>
Subject: Re: [idn] IDN security and ACE leakage
From: Martin Duerst <duerst@w3.org>
Date: Sun, 15 Jul 2001 12:54:46 +0900

'l' and '1' and 'I' ('ell' and 'one' and 'upper-case i') are
almost indistinguishable. For security reasons, DNS-capable email
programs (i.e. every email program) may display an email
address using hexadecimal (ACE won't work).

How many programs actually do this?

Regards,   Martin.

At 12:16 01/07/15 +0900, Soobok Lee wrote:
>Latin 'o' and Greek 'o'  are almost indistinguishable ,
>(and I can list up hundreds of such examples.)
>but their ACE labels  often look very different.
>
>For security reasons, IDN-capable email programs
>may display an IDN email address
>  both in its original scripts and in its ACEed form
>  to encourage  instant verification  like this:
>"FullName <i18n-mbox@i18n-hostname.com>" [qq--xxx@bq--yyy.com]
>
>It's more secure but looks ugly. shorter ACE labels may help.
>ACE labels are better than appended hexadecimal dump of utf8 lables
>for this purpose.
>
>Soobok Lee

Prev by Date: Re: [idn] Reality Check
Next by Date: Re: [idn] IDN security and ACE leakage
Prev by thread: [idn] IDN security and ACE leakage
Next by thread: Re: [idn] IDN security and ACE leakage
Index(es):
- Date
- Thread