[82445] in North American Network Operators' Group
Re: Non-English Domain Names Likely Delayed
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Mon Jul 18 18:04:01 2005
In-Reply-To: <42DC227D.8080002@globalstar.com>
Cc: NANOG <nanog@merit.edu>
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Tue, 19 Jul 2005 00:02:35 +0200
To: crist.clark@globalstar.com
Errors-To: owner-nanog@merit.edu
On 18-jul-2005, at 23:43, Crist Clark wrote:
> Isn't someone more eloquent than I going to point out that spending
> a lot of effort eliminating homographs from DNS to stop phishing is a
> security measure on par with cutting cell service to underground
> trains to prevent bombings? It focuses on one small vulnerability that
> phishers exploit, and "fixing" this one vulnerability just may make
> things worse.
If you make a bunch of assumptions (SSL certificate chain is ok,
binary is trustworthy, etc) you can be sure that when it says
https://www.blah.com/ in your browser, you're actually communicating with the
entity holding the name www.blah.com in a secure way. So when
something that looks exactly like www.blah.com is in fact different
from www.blah.com, that's a pretty big deal because it breaks the
whole system. So how would fixing this make things worse? And what
else should we be doing instead?
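
The homograph problem discussed in this message, as an added example that is not part of the original post: it converts a host name to the ASCII form that is actually looked up and flags labels that mix scripts. The look-alike name is constructed for illustration (Cyrillic U+0430 in place of Latin "a"), and the function names are hypothetical.

```python
import unicodedata


def scripts(label):
    """Approximate the scripts used in a label.

    Heuristic (an assumption of this example): the first word of each
    letter's Unicode name, e.g. LATIN, CYRILLIC, GREEK.
    """
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def to_ascii(host):
    """Return the ASCII (Punycode) form of the name, as sent in DNS queries."""
    return host.encode("idna").decode("ascii")


def review(host):
    """Summarise what a displayed host name really is on the wire."""
    wire = to_ascii(host)
    return {
        "wire": wire,
        "is_idn": any(l.startswith("xn--") for l in wire.split(".")),
        # Mixed-script labels are the classic homograph signal. A label
        # written entirely in one foreign script is NOT caught here; that
        # needs a confusables table such as the one in Unicode UTS #39.
        "mixed_script_labels": [l for l in host.split(".") if len(scripts(l)) > 1],
    }


GENUINE = "www.blah.com"
LOOKALIKE = "www.bl\u0430h.com"  # constructed sample: renders like GENUINE

if __name__ == "__main__":
    for name in (GENUINE, LOOKALIKE):
        print(repr(name), review(name))
```

The two names render alike but resolve as different DNS names, which is why a certificate check alone does not tell the user which one they reached.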