Re: [alac] Mozilla to switch off IDNs and IRIs.

To: roessler@xxxxxxxxxxxxxxxxxx
Subject: Re: [alac] Mozilla to switch off IDNs and IRIs.
From: Wendy Seltzer <wendy@xxxxxxxxxxx>
Date: Tue, 15 Feb 2005 04:19:26 -0800
Cc: alac@xxxxxxxxx
In-reply-to: <20050215112417.GC6294@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>

At 12:24 PM 2/15/2005 +0100, roessler@xxxxxxxxxxxxxxxxxx wrote:

According to [1], Mozilla and Firefox will switch off IDN (and,
hence, IRI) support for the time being in order to avoid
"payp[lowercase russian a]l.com" like Phishing attacks.

The best approach to fixing this is probably to take a look at the
ICANN IDN registration guidelines and get these fixed.

Or to modify the recommendations on how IDNs are displayed, so allapplications clearly noted that they were showing an IDN. Then, if youweren't expecting an IDN (e.g., when you thought you were looking atpaypal.com and saw [IDN=RU]paypal.com), you'd know something wasfishy. I'm not sure setting up increasingly complicated tables of whatregistration blocks what others is the answer.


--Wendy
who just saw the folks behind this IDN attack

1. http://weblogs.mozillazine.org/gerv/archives/007556.html

Regards,
--
Thomas Roessler, W3C   <tlr@xxxxxx>


--
Wendy Seltzer -- wendy@xxxxxxxxxxx
Electronic Frontier Foundation
Berkman Center for Internet & Society at Harvard Law School
http://cyber.law.harvard.edu/seltzer.html
Chilling Effects: http://www.chillingeffects.org/

Follow-Ups:
- Re: [alac] Mozilla to switch off IDNs and IRIs.
  - From: Thomas Roessler

References:
- [alac] Mozilla to switch off IDNs and IRIs.
  - From: roessler

Prev by Date: [fwd] [stratplan] Meeting Notes (from: Grant.Forsyth@xxxxxxxxxxxxxxxxxxxxxxx)
Next by Date: Re: [alac] Mozilla to switch off IDNs and IRIs.
Previous by thread: [alac] Mozilla to switch off IDNs and IRIs.
Next by thread: Re: [alac] Mozilla to switch off IDNs and IRIs.
Index(es):
- Date
- Thread