[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] upstream and downstream

To: IETF idn working group <idn@ops.ietf.org>
Subject: Re: [idn] upstream and downstream
From: Gervase Markham <gerv@mozilla.org>
Date: Mon, 21 Feb 2005 23:37:20 +0000
In-reply-to: <20050221045311.GC31308~@nicemice.net>
Organization: mozilla.org
References: <4218A1D0.2040703@vanderpoel.org> <002c01c51770$b0f74be0$030aa8c0@DEWELL> <421746D7.4070102@vanderpoel.org> <42176970.3050704@vanderpoel.org> <20050219214029.GA5457~@nicemice.net> <4217D4DA.4000908@vanderpoel.org> <20050220110817.GD14603~@nicemice.net> <4218A1D0.2040703@vanderpoel.org> <20050220234256.GB31308~@nicemice.net> <4219249A.9060306@mozilla.org> <20050221045311.GC31308~@nicemice.net>
User-agent: Mozilla Thunderbird 1.0 (X11/20041206)

Adam M. Costello wrote:

Please think twice before creating a precedent of a browser completely blackholing a technically valid (albeit devious) site.

If the site is devious, what possible benefit is there in allowing the user access to it?

If someone came up with a valid use for this character in IDNs, that would be different.

My initial list includes the homographs of ":", ".", "/" and probably "\" too, plus all the space characters.
I imagine you'd want all the characters that could immediately follow
the host name in a URI, so add "?" and "#" to that list.

Yes. It is looking a bit like "all punctuation", isn't it? But then, I bet there are some characters which look like punctuation. The Chinese character for the number 1 looks fairly like a hyphen.

P.S. Of course, the slash homograph attack wouldn't fool the Firefox
SSL domain security indicator anyway, which would still display the
entire domain, fake slashes and all.


Yes, but do users understand what that indicator means?  If they see
foo.com/bar.baz.xx in the indicator, do they understand that it is
unrelated to foo.com?

Well, it would certainly be different to all the other times they'd visited mybank.com, so hopefully that would give them some pause.

Gerv

Follow-Ups:
- Re: [idn] upstream and downstream
  - From: "Adam M. Costello" <idn.amc+0@nicemice.net.RemoveThisWord>

References:
- Re: [idn] upstream and downstream
  - From: Erik van der Poel <erik@vanderpoel.org>
- Re: [idn] upstream and downstream
  - From: "Doug Ewell" <dewell@adelphia.net>
- [idn] RRP and language tags
  - From: Erik van der Poel <erik@vanderpoel.org>
- [idn] upstream and downstream
  - From: Erik van der Poel <erik@vanderpoel.org>
- Re: [idn] upstream and downstream
  - From: "Adam M. Costello" <idn.amc+0@nicemice.net.RemoveThisWord>
- Re: [idn] upstream and downstream
  - From: Erik van der Poel <erik@vanderpoel.org>
- Re: [idn] upstream and downstream
  - From: "Adam M. Costello" <idn.amc+0@nicemice.net.RemoveThisWord>
- Re: [idn] upstream and downstream
  - From: "Adam M. Costello" <idn.amc+0@nicemice.net.RemoveThisWord>
- Re: [idn] upstream and downstream
  - From: Gervase Markham <gerv@mozilla.org>
- Re: [idn] upstream and downstream
  - From: "Adam M. Costello" <idn.amc+0@nicemice.net.RemoveThisWord>

Prev by Date: Re: [idn] upstream and downstream
Next by Date: Re: [idn] upstream and downstream
Previous by thread: Re: [idn] upstream and downstream
Next by thread: Re: [idn] upstream and downstream
Index(es):
- Date
- Thread