[82443] in North American Network Operators' Group
Re: Non-English Domain Names Likely Delayed
daemon@ATHENA.MIT.EDU (Crist Clark)
Mon Jul 18 17:43:54 2005
Date: Mon, 18 Jul 2005 14:43:25 -0700
From: Crist Clark <crist.clark@globalstar.com>
In-reply-to: <p0620075fbf01c21075f4@[10.0.1.3]>
Cc: NANOG <nanog@merit.edu>
Reply-To: crist.clark@globalstar.com
Errors-To: owner-nanog@merit.edu
Isn't someone more eloquent than I going to point out that that spending
a lot of effort eliminating homographs from DNS to stop phishing is a
security measure on par with cutting cell service to underground trains
to prevent bombings? It focuses on one small vulnerability that phishers
exploit, and "fixing" this one vulnerability just may make things worse.
It wastes resources that could go to coming up with a *real* solution, and
it may provide a false sense of security. There are dozens of ways we know
of, and probably more that lie undiscovered, to exploit vulnerabilities in
DNS, browsers, and in human nature to conduct phishing.
Worrying about homographs is probably something about which we should let
the trademark lawyers get there undies in a bunch (knowing ICANN, that
may very well be what's driving this, not phishing worries) while the IT
security community concerns itself with a usable, and actually secure,
end-to-end security model for e-commerce.
--
Crist J. Clark crist.clark@globalstar.com
Globalstar Communications (408) 933-4387
