[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] Re: nameprep, IDN spoofing and the registries

To: "JFC (Jefsey) Morfin" <jefsey@jefsey.com>
Subject: Re: [idn] Re: nameprep, IDN spoofing and the registries
From: William Tan <wil@dready.org>
Date: Wed, 23 Feb 2005 10:27:49 +1100
Cc: Stephane Bortzmeyer <bortzmeyer@nic.fr>, Erik van der Poel <erik@vanderpoel.org>, idn@ops.ietf.org
In-reply-to: <6.1.2.0.2.20050222163109.02e51db0@mail.jefsey.com>
References: <BE3FE373.C6C%haberg@math.su.se> <421A3E9C.5020204@vanderpoel.org> <f3aaace6b9037e8383c412d9e24b18db@gwg-associates.com.au> <421AC08F.2030207@vanderpoel.org> <20050222132656.GA13173@nic.fr> <6.1.2.0.2.20050222163109.02e51db0@mail.jefsey.com>
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)

Jefsey,

Which ccTLDs do you intend to propose this experiment? If you don't mind revealing... Have these ccTLDs rolled out IDN implementation? If so, do they currently employ a character table of sorts?\

1. could someone point a "C" source code to carry what has to be carried to filter out the dangerous names? Please help: I have no resource on this.

I'm not sure what exactly you need. If you have the tables it should be fairly trivial to write some functions in C to filter names. Make sure your inputs are properly normalized and just compare the to-be-registered name against your blacklist, reject the name on any match.

2. could someone list all the Unicode codes to blacklist that way?

If character tables are used, they effectively serve as a whitelist. If you wish to disallow any character from being registered, just make sure that it's not on the whitelist.

3. could someone point a Perl code to use to enter a IDN and to get it properly punycoded, which could use such a list.

Try Net::LibIDN (http://spaceship.berlios.de/index.php?page=idn.php) which is a Perl binding for GNU Libidn. It seems to have some support for character inclusion list, not sure about blacklists though.

Regards,
wil.

References:
- Re: [idn] IDN spoofing
  - From: Erik van der Poel <erik@vanderpoel.org>
- [idn] nameprep, IDN spoofing and the registries
  - From: Erik van der Poel <erik@vanderpoel.org>
- [idn] Re: nameprep, IDN spoofing and the registries
  - From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
- Re: [idn] Re: nameprep, IDN spoofing and the registries
  - From: "JFC (Jefsey) Morfin" <jefsey@jefsey.com>

Prev by Date: Re: [idn] Re: nameprep, IDN spoofing and the registries
Next by Date: Re: [idn] upstream and downstream
Previous by thread: Re: [idn] Re: nameprep, IDN spoofing and the registries
Next by thread: Re: [idn] Re: nameprep, IDN spoofing and the registries
Index(es):
- Date
- Thread