ietf
[Top] [All Lists]

Re: IDN security violation? Please comment

2005-02-08 20:13:40
On 03:36 09/02/2005, Mark Davis said:
I want to also bring the UTR #36 Security Considerations for the
Implementation of Unicode and Related Technology. Although still draft, we
will be fleshing it out over time. Feedback is welcome.
http://www.unicode.org/reports/tr36/

Brillant.

I think the danger is in the faked IRI usage. And the first way to protect the IRI is to alert on non permitted codes being used in the IDN part (this is where the spoofing is carried). I do not buy Jon's argument that filtering IRI against ccTLD Tables would be too much expensive: yes for each application, but this is precisely a job for OPES.

Question: what would be the load of a file giving for each code its availability in each ccTLD table for each script? And how does that compare with the 1.5 Meg base of my anti-virus?
jfc


â??Mark

----- Original Message -----
From: "James Seng" <james(_at_)seng(_dot_)sg>
To: "JFC (Jefsey) Morfin" <jefsey(_at_)jefsey(_dot_)com>
Cc: <paf(_at_)cisco(_dot_)com>; <ietf(_at_)ietf(_dot_)org>; 
<Marc(_dot_)Blanchet(_at_)viagenie(_dot_)qc(_dot_)ca>;
<phoffman(_at_)imc(_dot_)org>; <amc(_at_)nicemice(_dot_)net>
Sent: Tuesday, February 08, 2005 07:21
Subject: Re: IDN security violation? Please comment


> For the 5th time today, it is already documented in RFC 3490.
>
> http://james.seng.cc/archives/2005/02/08/idn_and_homographs_spoofing.html
>
> JFC (Jefsey) Morfin wrote:
> > May be IDN specialists will want to comment this.
> > http://www.shmoo.com/idn/homograph.txt
> > Is this exact? This is urgent as the IRI is based upon IDN and support
> > of multilingualism is a WSIS priority and comments for the WGIG are to
> > close the day after tomorrow.
> > Thank you.
> > jfc
>
> _______________________________________________
> Ietf mailing list
> Ietf(_at_)ietf(_dot_)org
> https://www1.ietf.org/mailman/listinfo/ietf
>


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf