[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] IDN security and ACE leakage

To: "Yves Arrouye" <yves@realnames.com>, <idn@ops.ietf.org>
Subject: Re: [idn] IDN security and ACE leakage
From: "Soobok Lee" <lsb@postel.co.kr>
Date: Fri, 20 Jul 2001 09:42:19 +0900

Hi,
----- Original Message ----- 
From: "Yves Arrouye" <yves@realnames.com>
To: <idn@ops.ietf.org>
Sent: Friday, July 20, 2001 8:30 AM
Subject: RE: [idn] IDN security and ACE leakage

> I think this is an issue we'll have to live with. I don't think displaying
> ACE, or  hexadecimal, would help. Unless you expect people to remember the
> ACE labels for all the people they deal with and whose identity needs to be
> established. 

ACE or hex dump should be an "AUXILIARY" representation of IDN, 
supplementing native-script representation.

But, for me,
Arabic domain names seem as randomly-gererated string as hexdump string.
Displaying arabic names in its native-scripts  does not help me to identify or
differentiate the site from others. (I would call it "utf8 leakage".)

>I believe that if you need this kind of authentication, other
> existing solutions like digital signatures are more likely to solve your
> needs.
> 

In your argument,
There is a "Missing link" between automatic digital
signature verification and  its "human" association with 
"often undistinguishable or unrecognizable" 
IDN email/site name.

Moreover, scam email account owners are often able to get  
his/her personal email certificate issued without any face-to-face 
authentication from major certificate vendors.  

But, I believe  encouraging using digital signatures will make internet
more secure.

Soobok

> YA
>

Prev by Date: Re: [idn] Debunking the ACE myth
Next by Date: Re: [idn] Debunking the ACE myth
Prev by thread: RE: [idn] IDN security and ACE leakage
Next by thread: [idn] Summary of support for UDNS
Index(es):
- Date
- Thread