[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] case preservation

To: "Dan Ebert" <dan@enic.cc>
Subject: Re: [idn] case preservation
From: "Soobok Lee" <lsb@postel.co.kr>
Date: Wed, 10 Oct 2001 17:12:19 +0900
Cc: <idn@ops.ietf.org>


----- Original Message ----- 
From: "Dan Ebert" <dan@enic.cc>
To: "Soobok Lee" <lsb@postel.co.kr>
Cc: "D. J. Bernstein" <djb@cr.yp.to>; <idn@ops.ietf.org>; "Martin Duerst" <duerst@w3.org>
Sent: Wednesday, October 10, 2001 12:14 AM
Subject: Re: [idn] case preservation


> Soobok Lee wrote:
> > 
> > ----- Original Message -----
> > From: "Martin Duerst" <duerst@w3.org>
> > To: "D. J. Bernstein" <djb@cr.yp.to>; <idn@ops.ietf.org>
> >  >
> > > >It would be better to omit nameprep entirely;
> > > >then users will stick to mechanisms that work, such as clicking on URLs.
> > > >(Bad characters should still be avoided in registrations, of course.)
> > >
> > > Bad character combinations should be avoided with registration.
> > > The only registrations for things like <A-Greek><O-Cyrillic><L-Latin>
> > > will come from spoofers, and the only way such spoofers have
> > > a chance is through clicking on URIs or a similar interface.
> > 
> > You forgot to mention this type :
> > All-cyrillic(or All cherokee) uppercase "SEX,CISCO,ATT,HOME,IBM" have the
> > same look with all-latin uppercase ones.
> 
> But, as Martin said, those links will only be 'used' by spoofers and
> only work via clicking on URIs.  

No. Regimate registrants could own the domains and use them publicly.
Cyrillic 'H'  ( cyrillic upper EN) is read differenly from Latin 'H'.
Cyrillic 'HOME' has nothing to do with English "HOME".

>(Things like this already happen anyway
> ... i.e. Someone registers AOL-billing.foo then spams AOL users asking
> for updated credit card info ...) 

the number of such severe security breaches  and confusions matters. 
AOL and  AOL  versus  AOL and AOL-billing ? not comparable.

>If the spoofed domain were printed on
> paper the end user would (most likely) interpret the characters as Latin
> and type them in accordingly and go to the 'real' site, not the spoofed
> site.

Most Russians would interpret them as Cyrillic ones, while non-Russian would not.

Soobok

> 
> > 
> > SOobok
> > 
> > >
> > >
> > > Regards,    Martin.
> > >
> 
> -- 
> Dan Ebert      <dan@enic.cc>       eNIC Corporation
> -----------------------------------------------------
>  "What is wanted is not the will to believe, but the 
>     will to find out, which is the exact opposite."
>        -- Bertrand Russell, "Skeptical_Essays", 1928
> -----------------------------------------------------
>

Prev by Date: Re: [idn] WG Update
Next by Date: Re: [idn] case preservation
Prev by thread: Re: [idn] case preservation
Next by thread: Re: [idn] case preservation
Index(es):
- Date
- Thread