[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] Chinese Domain Name Consortium (CDNC) Declaration



Steve,

At 09:35 PM 2/3/2002 -0500, Steven M. Bellovin wrote:
>There'a a good discussion of the security risks of the code point
>problem at http://www.csl.sri.com/users/neumann/insiderisks.html#140

homographic attacks are not new with the IDN effort.

for example, MICROS0FT.COM was done.

For that matter, choice of different top-level domains permits a degree of 
homographic attack.  Try looking at dnso.com, rather than dnso.org.  (No, 
this approach does not qualify precisely as homographic, but it takes 
advantage of a small difference from the real name, hoping that users will 
not notice.  And it does work.)

Hence, the IDN work does not introduce a new risk.

d/


----------
Dave Crocker  <mailto:dcrocker@brandenburg.com>
Brandenburg InternetWorking  <http://www.brandenburg.com>
tel +1.408.246.8253;  fax +1.408.273.6464