
Re: [idn] IDN security and ACE leakage



For 1 and 'l', choosing a good Latin display font set is enough,
and the ambiguity is well known.

But in the IDN context, we have hundreds or more of such ambiguities,
which are too many to educate.

How can we distinguish katakana 'ro-to.com' and hangul 'ma.com'
if we haven't learned Japanese and Korean?

----- Original Message ----- 
From: "Martin Duerst" <duerst@w3.org>
To: "Soobok Lee" <lsb@postel.co.kr>; <idn@ops.ietf.org>
Sent: Sunday, July 15, 2001 12:54 PM
Subject: Re: [idn] IDN security and ACE leakage


> 'l' and '1' and 'I' ('ell' and 'one' and 'upper-case i') are
> almost indistinguishable. For security reasons, DNS-capable email
> programs (i.e. every email program) may display an email
> address using hexadecimal (ACE won't work).
> 
> How many programs actually do this?
> 
> Regards,   Martin.
> 
> At 12:16 01/07/15 +0900, Soobok Lee wrote:
> >Latin 'o' and Greek 'o' are almost indistinguishable,
> >(and I can list up hundreds of such examples.)
> >but their ACE labels  often look very different.
> >
> >For security reasons, IDN-capable email programs
> >may display an IDN email address
> >  both in its original scripts and in its ACEed form
> >  to encourage  instant verification  like this:
> >"FullName <i18n-mbox@i18n-hostname.com>" [qq--xxx@bq--yyy.com]
> >
> >It's more secure but looks ugly. Shorter ACE labels may help.
> >ACE labels are better than appended hexadecimal dump of utf8 labels
> >for this purpose.
> >
> >Soobok Lee
>
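
The dual display proposed in the quoted message, as an added example that is not part of the original thread: it shows an address in its original script followed by the ACE form in brackets, and reports labels that mix scripts. Assumptions: the ACE is Punycode with the "xn--" prefix that was later standardized for IDNA (not the draft-era prefixes shown in the thread), only the host part is converted, the script of a character is approximated by the first word of its Unicode name, and `foo.example` is a constructed sample.

```python
import unicodedata

def script_of(ch):
    # Approximate script: first word of the Unicode character name (LATIN, GREEK, ...).
    # Assumption for this example; production code would use the Script property.
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def ace_label(label):
    # ASCII labels are left alone; others become "xn--" + Punycode.
    label = label.lower()
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def ace_domain(domain):
    return ".".join(ace_label(part) for part in domain.split("."))

def mixed_script_labels(domain):
    # Labels whose letters come from more than one script, e.g. Latin plus Greek.
    found = []
    for label in domain.split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            found.append((label, sorted(scripts)))
    return found

def display_address(full_name, addr):
    # "FullName <mbox@host>" [mbox@ace-host]; brackets only when the host is an IDN.
    local, _, domain = addr.rpartition("@")
    shown = f'"{full_name}" <{addr}>'
    ace = ace_domain(domain)
    if ace != domain.lower():
        shown += f" [{local}@{ace}]"
    return shown

if __name__ == "__main__":
    # Constructed samples: the second host uses Greek omicron (U+03BF) for the first 'o'.
    for addr in ("user@foo.example", "user@f\u03bfo.example"):
        print(display_address("Full Name", addr))
        print("  mixed-script labels:", mixed_script_labels(addr.rpartition("@")[2]))
```

The two sample hosts render almost identically in their original scripts, while their ACE forms differ visibly. A label written entirely in one script produces no mixed-script report, so for that case the bracketed ACE form is the only cue.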