[82705] in North American Network Operators' Group
Re: Mozilla Implements TLD Whitelist for Firefox in Response to IDN Homogr aphs Spoofing
daemon@ATHENA.MIT.EDU (Florian Weimer)
Thu Jul 28 10:16:26 2005
From: Florian Weimer <fw@deneb.enyo.de>
To: "Jason Sloderbeck" <jason@positivenetworks.net>
Cc: "Phillip Vandry" <vandry@TZoNE.ORG>, <nanog@merit.edu>
Date: Thu, 28 Jul 2005 16:04:13 +0200
In-Reply-To: <0F7F9A82BB0DBB4396A9F8386D0E061218DA04@pos-exch1.positivenetworks.net>
(Jason Sloderbeck's message of "Thu, 28 Jul 2005 08:26:03 -0500")
Errors-To: owner-nanog@merit.edu
* Jason Sloderbeck:
> Yes, it's recognized by Mozilla and others as the job of the Internet
> Architecture Board (in particular, the IAB-IDN group) to make a final
> decision on how to deal with homographs.
Homographs are a classical example of a PR attack. It's a complete
non-issue. In practice, people don't use domain names to assess the
credibility of web sites. 1/l/I and 0/O are homographs as well, and
the Internet hasn't collapsed as a result.
The really stunning thing about the whole mess is that nobody seems to
grasp that technically, TLDs are not in a position to restrict name
server operators to any character sets in the domain names they use.
After all, I can add any domain name I want to my zone files.
