[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [idn] spoofing by combining diacritical marks
More self-comment:
Current unicode standard have _no_ normalization rules on
repeated <acute>s ( and other diacritical marks) to prevent them from
looking differently according to their positions in unicode strings.
The second <Acute> in the <acute><Acute> does not display in some
cases.
This problem is somewhat out of IDN WG scope and should be reviewed
by relevant standard organizations.
Zone masters should be aware of this and filter out spoofing domains..
Soobok Lee
----- Original Message -----
From: "Soobok Lee" <lsb@postel.co.kr>
To: <idn@ops.ietf.org>
Sent: Wednesday, August 29, 2001 9:15 AM
Subject: [idn] spoofing by combining diacritical marks
> Hi,
> To exemplify what JCK pointed out,
> I took two experiments with two labels with <acute>.
> Look into the enclosed excerpts.
>
> The second one has <acute><acute>,but look the same with single-<acute> one.
>
> Does this problem come from the rendering engine (of win2k)
> or from the definition of <acute> itself ?
>
> Soobok Lee
> ---------------------------------------------------------------------------------------------------------------
>
> www.k%u0301ol.com
>
> www.ḱol.com
>
>
>
> www.k%u0301%u0301ol.com
>
>
> www.ḱ́ol.com
>
>
>
> <html>
> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
> <body>
> <Script>
> str=("www.k%u0301ol.com");
> document.write("<br><font size=+1 face='Times New Roman'>");
> document.writeln(str);
> document.write("<br><p><font size=+3 face='Times New Roman'>");
> document.writeln(unescape(str)); document.write("</font><br><p>");
> </script>
> <Script>
> str=("www.k%u0301%u0301ol.com");
> document.write("<br><font size=+1 face='Times New Roman'>");
> document.writeln(str);
> document.write("<br><p><font size=+3 face='Times New Roman'>");
> document.writeln(unescape(str)); document.write("</font><br><p>");
> </script>
>
> http://www.postel.co.kr/etc/f2.html
>
>