[149686] in North American Network Operators' Group
Re: Dear RIPE: Please don't encourage phishing
daemon@ATHENA.MIT.EDU (Neil Harris)
Sat Feb 11 20:35:29 2012
Date: Sun, 12 Feb 2012 01:34:17 +0000
From: Neil Harris <neil@tonal.clara.co.uk>
To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
In-Reply-To: <4F370332.4050709@necom830.hpcl.titech.ac.jp>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 12/02/12 00:09, Masataka Ohta wrote:
> Neil Harris wrote:
>
>> Techniques to deal with this sort of spoofing already exist: see
>>
>> http://www.mozilla.org/projects/security/tld-idn-policy-list.html
> It does not make sense that .COM allows Cyrillic characters:
>
> http://www.iana.org/domains/idn-tables/tables/com_cyrl_1.0.html
>
> i script of a domain name is Cyrillic.
>
> Domain names do not have such property as script.
>
> Is the following domain name:
>
> CCC.COM
>
> Latin or Cyrillic?
>
>> for one quite effective approach.
> The only reasonable thing to do is to disable so-called
> IDN.
>
> Masataka Ohta
>
> PS
>
> Isn't it obvious from the page you referred that IDN is
> not internationalization but an uncoordinated
> collection of poor localizations?
>
I'm not a flag-waver for IDN, so much as a proponent of ways to make IDN
safer, given that it already exists.

Lots of people have thought about this quite carefully. See RFC 4290 for
a technical discussion of the thinking behind this policy, and RFC 5992
for a policy mechanism designed to resolve the problem you raised in
your example above.

You will notice that the .com domain does not appear on the Mozilla IDN
whitelist.
-- N.
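
The following is an added example, not part of the original message and not Mozilla's code. It sketches the per-TLD display decision the thread discusses, applied to the CCC.COM question: an all-Cyrillic label is single-script, so only the TLD list sends it to its xn-- form. The whitelist entries, the function names and the mixed-script check are assumptions made for illustration.

```python
import unicodedata

# Constructed stand-in for a browser's per-TLD IDN whitelist. These are reserved
# TLDs, not entries from Mozilla's list; "com" is absent, as the message notes.
IDN_TLD_WHITELIST = {"example", "test"}

def label_scripts(label):
    """Scripts used in a label, approximated by the first word of each
    character's Unicode name (the stdlib has no Script property lookup)."""
    scripts = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue  # digits and hyphen are shared by all scripts
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts

def display_form(hostname, whitelist=IDN_TLD_WHITELIST):
    """Return the string a cautious client would show for hostname."""
    host = hostname.lower().rstrip(".")
    ace = host.encode("idna").decode("ascii")  # ASCII-compatible (xn--) form
    if ace == host:
        return host  # plain ASCII name, nothing to decide
    if ace.rsplit(".", 1)[-1] not in whitelist:
        return ace   # registry not on the list: show the xn-- form
    if any(len(label_scripts(l)) > 1 for l in host.split(".")):
        return ace   # extra check added here: mixed-script label
    return host

# Constructed sample names (hypothetical, for illustration only).
LATIN_CCC = "ccc"
CYRILLIC_CCC = "\u0441" * 3   # three CYRILLIC SMALL LETTER ES
MIXED = "c\u0441c"            # Latin c, Cyrillic es, Latin c

if __name__ == "__main__":
    for name in (LATIN_CCC + ".com", CYRILLIC_CCC + ".com",
                 CYRILLIC_CCC + ".example", MIXED + ".example"):
        print(ascii(name), "->", display_form(name))
```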