[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(more)Re: [idn] spoofing by combining diacritical marks

To: "Soobok Lee" <lsb@postel.co.kr>, <idn@ops.ietf.org>
Subject: (more)Re: [idn] spoofing by combining diacritical marks
From: "Soobok Lee" <lsb@postel.co.kr>
Date: Thu, 30 Aug 2001 09:36:50 +0900

I found   all unicode characters with some _COMBINING SEMANTICS_
share the same problem.

To list some of them:
  Hangul fillers, Various signs in Hindi(Devanagari) and other Indian scripts,
  Combining Diacrticial Marks

We need some "registration guidelines" informational RFC to inform
zone-masters of this problem.

Soobok Lee

----- Original Message -----
From: "Soobok Lee" <lsb@postel.co.kr>
To: "Soobok Lee" <lsb@postel.co.kr>; <idn@ops.ietf.org>
Sent: Thursday, August 30, 2001 9:19 AM
Subject: Re: [idn] spoofing by combining diacritical marks


> More self-comment:
>
>   Current unicode standard have _no_  normalization rules on
>     repeated <acute>s ( and other diacritical marks)  to prevent them from
>     looking differently according to their positions in unicode strings.
>
>   The second <Acute> in the <acute><Acute> does not display in some
>   cases.
>
>   This problem is somewhat out of IDN WG scope and should be reviewed
>   by relevant  standard organizations.
>
>   Zone masters should be aware of this and filter out  spoofing domains..
>
>  Soobok Lee
>
>
> ----- Original Message -----
> From: "Soobok Lee" <lsb@postel.co.kr>
> To: <idn@ops.ietf.org>
> Sent: Wednesday, August 29, 2001 9:15 AM
> Subject: [idn] spoofing by combining diacritical marks
>
>
> > Hi,
> > To exemplify what JCK pointed out,
> > I took two experiments with two labels with <acute>.
> > Look into the enclosed excerpts.
> >
> > The second  one  has   <acute><acute>,but look the same with single-<acute> one.
> >
> > Does this problem come from the rendering engine (of win2k)
> > or from the definition of <acute> itself ?
> >
> > Soobok Lee
> > ---------------------------------------------------------------------------------------------------------------
> >
> > www.k%u0301ol.com
> >
> > www.ḱol.com
> >
> >
> >
> > www.k%u0301%u0301ol.com
> >
> >
> > www.ḱ́ol.com
> >
> >
> >
> > <html>
> > <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
> > <body>
> > <Script>
> > str=("www.k%u0301ol.com");
> > document.write("<br><font size=+1 face='Times New Roman'>");
> > document.writeln(str);
> > document.write("<br><p><font size=+3 face='Times New Roman'>");
> > document.writeln(unescape(str)); document.write("</font><br><p>");
> > </script>
> > <Script>
> > str=("www.k%u0301%u0301ol.com");
> > document.write("<br><font size=+1 face='Times New Roman'>");
> > document.writeln(str);
> > document.write("<br><p><font size=+3 face='Times New Roman'>");
> > document.writeln(unescape(str)); document.write("</font><br><p>");
> > </script>
> >
> > http://www.postel.co.kr/etc/f2.html
> >
> >
>

Prev by Date: Re: [idn] spoofing by combining diacritical marks
Next by Date: Re: [idn] opting out of SC/TC equivalence
Prev by thread: [idn] A Search-based access model & SC/TC conversion
Next by thread: Re: [idn] Re: Characters, scripts and words (was: Re: nameprep and others: hangeulchar)
Index(es):
- Date
- Thread