On 03:36 09/02/2005, Mark Davis said:
I want to also bring the UTR #36 Security Considerations for the
Implementation of Unicode and Related Technology. Although still draft, we
will be fleshing it out over time. Feedback is welcome.
http://www.unicode.org/reports/tr36/
Brillant.
I think the danger is in the faked IRI usage. And the first way to protect
the IRI is to alert on non permitted codes being used in the IDN part (this
is where the spoofing is carried). I do not buy Jon's argument that
filtering IRI against ccTLD Tables would be too much expensive: yes for
each application, but this is precisely a job for OPES.
Question: what would be the load of a file giving for each code its
availability in each ccTLD table for each script? And how does that compare
with the 1.5 Meg base of my anti-virus?
jfc
â??Mark
----- Original Message -----
From: "James Seng" <james(_at_)seng(_dot_)sg>
To: "JFC (Jefsey) Morfin" <jefsey(_at_)jefsey(_dot_)com>
Cc: <paf(_at_)cisco(_dot_)com>; <ietf(_at_)ietf(_dot_)org>;
<Marc(_dot_)Blanchet(_at_)viagenie(_dot_)qc(_dot_)ca>;
<phoffman(_at_)imc(_dot_)org>; <amc(_at_)nicemice(_dot_)net>
Sent: Tuesday, February 08, 2005 07:21
Subject: Re: IDN security violation? Please comment
> For the 5th time today, it is already documented in RFC 3490.
>
> http://james.seng.cc/archives/2005/02/08/idn_and_homographs_spoofing.html
>
> JFC (Jefsey) Morfin wrote:
> > May be IDN specialists will want to comment this.
> > http://www.shmoo.com/idn/homograph.txt
> > Is this exact? This is urgent as the IRI is based upon IDN and support
> > of multilingualism is a WSIS priority and comments for the WGIG are to
> > close the day after tomorrow.
> > Thank you.
> > jfc
>
> _______________________________________________
> Ietf mailing list
> Ietf(_at_)ietf(_dot_)org
> https://www1.ietf.org/mailman/listinfo/ietf
>
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf