[vip] Educational session on existing variant practices
Andrzej Bartosiewicz
andrzej at Yonita.com
Mon Jul 25 09:32:12 UTC 2011
On 7/24/2011 11:03 PM, Jothan Frakes wrote:
> Nice work, Andrzej-
>
> You might want to expose the tæst1234.pl (xn--tst1234-mxa.pl) and
> taest1234.pl homograph potential in this which is something that has
> occurred since.
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=618051#c12
>
Dear Jothan,
I have also commented on the discussion @mozilla.org list.
I'm really confused what is the strategy of Mozilla regarding "variants"
or look-alike domains. I have no problmem with "æ" and "ae", as well as
I have no problem with "O" and "0". It's insane to protect us against
any similarities, which will lead to very strange and complicated policies.
As I know, nobody in Europe has ever used maliciously the case of "æ"
(which is allowed by many ccTLD), so maybe this is a dead-end to explore
such cases by security experts? Maybe Mozilla and we should rather focus
on real-life examples, not theoretical one?
As I mentioned in Singapore, I would prefer discussion based on the list
of existing "pairs" of look-alike / variant characters (or combination
of characters), not the theoretical discussions of what is variant and
what is not. If we create a list "pairs" (including example of U+00E6),
we can go through the list and make recommendations.
Maybe I'm wrong, but we can make our job much easier and more useful in
practice if we follow the EXAMPLES, not DEFINITIONS.
Andrzej
--
*Dr. Andrzej Bartosiewicz*, CEO & President, Yonita Inc.
<http://www.yonita.com>
phone (US): +1 650 2493707
phone (Poland): +48 518 235209
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/vip/attachments/20110725/e1619afd/attachment.html
More information about the vip
mailing list