[149696] in North American Network Operators' Group
Re: Dear RIPE: Please don't encourage phishing
daemon@ATHENA.MIT.EDU (Masataka Ohta)
Sun Feb 12 03:00:48 2012
Date: Sun, 12 Feb 2012 16:59:36 +0900
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
To: Valdis.Kletnieks@vt.edu
In-Reply-To: <192978.1329023607@turing-police.cc.vt.edu>
Cc: nanog@nanog.org
Valdis.Kletnieks@vt.edu wrote:
> Doesn't actually matter, because the .ua registry isn't allowing Greek Gamma
> or Latin-E-with-diaeresis in domain names.
Such local conventions have nothing to do with internationalization.
> But quite frankly,
> turning off IDN doesn't fix that problem - greekbank.gr is spoofable
> by greekbank.ua and greekbank.com.
The problem is greekbank.gr is spoofable as greekbank.gr.
>> Is a Russian word containing no unique (unique to ASCII)
>> Cyrillic characters encoded as Latin character using ASCII,
>> even though a Russian word containing unique (whatever unique
>> means) Cyrillic character encoded as Cyrillic characters?
>
> No, it means you get to pick 'all-latin-chars.ua' or 'all-cyrillic-chars.ua'.
> And due to the requirement that a cyrillic name have a special char
> in it, you can't spoof an all-latin-chars.ua name.
That "a cyrillic name have a special char in it" makes it
impossible to have a Cyrillic representation of a Ukrainian
word containing no special chars and is impractical.
>> The only protection is to disable IDN.
>
> You also have to ban the use of numbers in domain names, because you
> need to prevent people being tricked by micros0ft.com and m1crosoft.com.
No, the simple solution against such a simple problem is to
use a proper font, because all the people know that '0' and 'o'
are different characters and treat them differently.
Masataka Ohta
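
The registry rule discussed in this message (a label is either all-Latin or all-Cyrillic, and a Cyrillic label must contain a letter with no Latin lookalike) can be sketched as a registration-time check. This is an added example, not part of the original message and not any registry's code; the lookalike set and the names `script_of`, `check_label` and `LATIN_LOOKALIKES` are assumptions made for illustration.

```python
import unicodedata

# Assumption: lowercase Cyrillic letters that render like Latin letters in
# common fonts (a, e, o, p, c, y, x, i, j, s). Constructed for illustration;
# this is not any registry's actual table.
LATIN_LOOKALIKES = set("\u0430\u0435\u043e\u0440\u0441\u0443\u0445\u0456\u0458\u0455")


def script_of(ch):
    """Classify one character of a label as latin, cyrillic, common or other."""
    if ch in "0123456789-":
        return "common"
    if "a" <= ch <= "z":
        return "latin"  # ASCII letters only; accented Latin falls into "other"
    if unicodedata.name(ch, "").startswith("CYRILLIC"):
        return "cyrillic"
    return "other"


def check_label(label):
    """Return 'ok' or the reason the label is refused under the described rule."""
    label = label.lower()
    if not label:
        return "empty"
    scripts = {script_of(ch) for ch in label} - {"common"}
    if "other" in scripts:
        return "disallowed-character"
    if scripts == {"latin", "cyrillic"}:
        return "mixed-script"
    if scripts == {"cyrillic"}:
        letters = [ch for ch in label if script_of(ch) == "cyrillic"]
        # A Cyrillic label made only of lookalikes could pass for a Latin one.
        if all(ch in LATIN_LOOKALIKES for ch in letters):
            return "cyrillic-without-distinctive-letter"
    return "ok"


if __name__ == "__main__":
    # Constructed sample labels (top-level domain omitted).
    samples = ["greekbank", "p\u0430ypal", "\u043e\u0441\u0430",
               "\u0431\u0430\u043d\u043a", "micros0ft", "\u03b3"]
    for label in samples:
        print(f"{label!r:14} -> {check_label(label)}")
```

The all-lookalike Cyrillic word `\u043e\u0441\u0430` is refused even though it is an ordinary word, and `micros0ft` is accepted because a script rule does not address digit substitution.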