[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] spoofing by combining diacritical marks

The standard *does* specify the appropriate display behavior for such
circumstances. See http://www.unicode.org/unicode/uni2book/ch02.pdf, Section
2.6.

However, some implementations may not yet implement that behavior.

Mark

—————

Γνῶθι σαυτόν — Θαλῆς
[http://www.macchiato.com]
----- Original Message -----
From: "Soobok Lee" <lsb@postel.co.kr>
To: "Soobok Lee" <lsb@postel.co.kr>; <idn@ops.ietf.org>
Sent: Wednesday, August 29, 2001 17:19
Subject: Re: [idn] spoofing by combining diacritical marks


> More self-comment:
>
>   Current unicode standard have _no_  normalization rules on
>     repeated <acute>s ( and other diacritical marks)  to prevent them from
>     looking differently according to their positions in unicode strings.
>
>   The second <Acute> in the <acute><Acute> does not display in some
>   cases.
>
>   This problem is somewhat out of IDN WG scope and should be reviewed
>   by relevant  standard organizations.
>
>   Zone masters should be aware of this and filter out  spoofing domains..
>
>  Soobok Lee
>
>
> ----- Original Message -----
> From: "Soobok Lee" <lsb@postel.co.kr>
> To: <idn@ops.ietf.org>
> Sent: Wednesday, August 29, 2001 9:15 AM
> Subject: [idn] spoofing by combining diacritical marks
>
>
> > Hi,
> > To exemplify what JCK pointed out,
> > I took two experiments with two labels with <acute>.
> > Look into the enclosed excerpts.
> >
> > The second  one  has   <acute><acute>,but look the same with
single-<acute> one.
> >
> > Does this problem come from the rendering engine (of win2k)
> > or from the definition of <acute> itself ?
> >
> > Soobok Lee
>
> --------------------------------------------------------------------------
-------------------------------------
> >
> > www.k%u0301ol.com
> >
> > www.ḱol.com
> >
> >
> >
> > www.k%u0301%u0301ol.com
> >
> >
> > www.ḱ́ol.com
> >
> >
> >
> > <html>
> > <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
> > <body>
> > <Script>
> > str=("www.k%u0301ol.com");
> > document.write("<br><font size=+1 face='Times New Roman'>");
> > document.writeln(str);
> > document.write("<br><p><font size=+3 face='Times New Roman'>");
> > document.writeln(unescape(str)); document.write("</font><br><p>");
> > </script>
> > <Script>
> > str=("www.k%u0301%u0301ol.com");
> > document.write("<br><font size=+1 face='Times New Roman'>");
> > document.writeln(str);
> > document.write("<br><p><font size=+3 face='Times New Roman'>");
> > document.writeln(unescape(str)); document.write("</font><br><p>");
> > </script>
> >
> > http://www.postel.co.kr/etc/f2.html
> >
> >
>
>
>