Re: [alac] Mozilla to switch off IDNs and IRIs.
At 12:24 PM 2/15/2005 +0100, roessler@xxxxxxxxxxxxxxxxxx wrote:
According to [1], Mozilla and Firefox will switch off IDN (and,
hence, IRI) support for the time being in order to avoid
"payp[lowercase russian a]l.com" like Phishing attacks.
The best approach to fixing this is probably to take a look at the
ICANN IDN registration guidelines and get these fixed.
Or to modify the recommendations on how IDNs are displayed, so all
applications clearly noted that they were showing an IDN. Then, if you
weren't expecting an IDN (e.g., when you thought you were looking at
paypal.com and saw [IDN=RU]paypal.com), you'd know something was
fishy. I'm not sure setting up increasingly complicated tables of what
registration blocks what others is the answer.
--Wendy
who just saw the folks behind this IDN attack
1. http://weblogs.mozillazine.org/gerv/archives/007556.html
Regards,
--
Thomas Roessler, W3C <tlr@xxxxxx>
--
Wendy Seltzer -- wendy@xxxxxxxxxxx
Electronic Frontier Foundation
Berkman Center for Internet & Society at Harvard Law School
http://cyber.law.harvard.edu/seltzer.html
Chilling Effects: http://www.chillingeffects.org/