"JFC (Jefsey) Morfin" <jefsey(_at_)jefsey(_dot_)com> writes:
Could not a correct solution be to have an option warning the
user/preventing the use when the IRI's IDN part does not use codes
belonging to the used language ccTLD IDN table?
I agree that this can be part of the counter-measures to this security
problem. I encourage application writers to implement that approach,
by using an API that is part of libidn:
http://josefsson.org/libidn/manual/html_node/TLD-Functions.htm
Alas, some ccTLDs doesn't appear to understand the problem. Perhaps
we can raise awareness of the problem with them. Then maybe ccTLDs
will publish lists of permitted code points under an acceptable
license.
Thanks,
Simon
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf