<<< Date Index >>>     <<< Thread Index >>>

Re: [alac] Mozilla to switch off IDNs and IRIs.



At 12:24 PM 2/15/2005 +0100, roessler@xxxxxxxxxxxxxxxxxx wrote:
According to [1], Mozilla and Firefox will switch off IDN (and,
hence, IRI) support for the time being in order to avoid
"payp[lowercase russian a]l.com" like Phishing attacks.

The best approach to fixing this is probably to take a look at the
ICANN IDN registration guidelines and get these fixed.

Or to modify the recommendations on how IDNs are displayed, so all applications clearly noted that they were showing an IDN. Then, if you weren't expecting an IDN (e.g., when you thought you were looking at paypal.com and saw [IDN=RU]paypal.com), you'd know something was fishy. I'm not sure setting up increasingly complicated tables of what registration blocks what others is the answer.

--Wendy
who just saw the folks behind this IDN attack


1. http://weblogs.mozillazine.org/gerv/archives/007556.html

Regards,
--
Thomas Roessler, W3C   <tlr@xxxxxx>

--
Wendy Seltzer -- wendy@xxxxxxxxxxx
Electronic Frontier Foundation
Berkman Center for Internet & Society at Harvard Law School
http://cyber.law.harvard.edu/seltzer.html
Chilling Effects: http://www.chillingeffects.org/