This cacologic however might be a good way to solve the IDN
homograph issue
and the phishing problem.
I have been spending most of my time on the phishing problem for three
years. I have yet to see a phishing gang use the DNS IDN loophole for a
phishing attack.
This is probably because the issue was an administrative one, the cert
should never have issued and in the wake of the paper the CAs I have
talked to have all corrected the issue.
The lookalike DNS name problem was known before the design of SSL
started, remember Micros0ft.com?
Today the phishing gangs use bigbank-security.com or bigbank-corp.com or
something similar. They are not going to use IDN DNS names until the
application support is much much more comprehensive by which time the
strategy will have changed.
So in summary no, 'solving' the homolog issue is irrelevant to current
phishing issues and by the time it is relevant I hope that we would no
longer think it is a good idea to try to train users to recognise DNS or
X.500 names as security indicata. We need to make security much more
informative and usable if we want it to be used.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf