22 Feb 22:59
Re: Re: nameprep, IDN spoofing and the registries
JFC (Jefsey) Morfin <jefsey <at> jefsey.com>
2005-02-22 21:59:22 GMT
2005-02-22 21:59:22 GMT
At 21:30 22/02/2005, Erik van der Poel wrote: >JFC (Jefsey) Morfin wrote: >>2. could someone list all the Unicode codes to blacklist that way? > >It will take a while to create a relatively complete table of homographs, >but here are a couple of starting points: > >https://bugzilla.mozilla.org/attachment.cgi?id=174139 >https://bugzilla.mozilla.org/show_bug.cgi?id=279099#c192 > >Also, I've been thinking of writing a program that would look at the >"cmap" of every font on a Windows box and check to see which pairs of >Unicodes have the same glyph index (which leads to identical display). This would help. But a ccTLD managing IDNs in computer environment and wanting to avoid any mistake, manages names in most of the case under the ACE format. In ASCII. I am not sure about existing dispute cases, but we consider that two IDNs are different if they have different in ACE format? Anyway, I answer you below. >>3. could someone point a Perl code to use to enter a IDN and to get it >>properly punycoded, which could use such a list. > >I don't know about Perl, but I believe Python has IDN. Thank you, but as I said, I have no resource on this. So what would be great wold be that this list would actually help preparing a Draft - may be someone of more technical skill and competence would be interested in leading it? So we can start working on something real. I listed my pratical needs. I suppose others would have others to add. Stephane is key person in supporting many ccTLDs in real life. I am sure he will be of great help. So would Gervase's with the ability to test in Firefox environment. I have reported the problem and my request on the ccTLD list. I asked about the additional requirements they might have. I will inform this list of any additional demands they may have IRT a practical solution for them. I also documented that my concern was not about the phishing issue but about the ccTLD owns operations. This leaves the legal aside and may be more motivating since their own Registry could be the first victim of a confusion (in Whois display, for example). jfc
RSS Feed