[82469] in North American Network Operators' Group


Re: Non-English Domain Names Likely Delayed

daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Tue Jul 19 10:13:48 2005

In-Reply-To: <p06200768bf02a98bb756@[10.0.1.3]>
Cc: NANOG <nanog@merit.edu>
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Tue, 19 Jul 2005 16:13:16 +0200
To: Brad Knowles <brad@stop.mail-abuse.org>
Errors-To: owner-nanog@merit.edu


On 19-jul-2005, at 15:03, Brad Knowles wrote:

>>  The public key crypto that powers the authentication in SSL.

>     But that has nothing to do with the DNS.

:-)  That's exactly the point: DNS tricks won't buy you anything  
(except denial of service) in the presence of SSL.

>> "protecting" users against the fact that similar
>> looking/sounding names actually map to completely different things
>> ultimately can't be done, so it's better to not do it at all so users
>> get burned by relatively harmless examples of this phenomenon
>> (www.gougle.com and the like) so they understand it and foster the
>> appropriate level of distrust.

>     Actually, that's a statement that I can agree with.

Excellent.

>     My point was that, if you're going to try to protect the users  
> against homophone/homograph attacks, you need to do it in a  
> standardized way.

And my point is that, in the absence of a standardized way, a
non-standardized way will do temporarily.

>     Moreover, the standards for controlling that need to be held by  
> separate entities from those who are creating the tools which will  
> implement those standards -- witness Microsoft's recent downgrading  
> of Claria/Gator as a malware vendor, simply because they're looking  
> at buying the company.

Sure, why not. I'm not convinced it will help, though. (Giving in to  
the conspiracy theorists doesn't work: they'll just think it's a  
conspiracy.)
