[Comments-korean-lgr-25jan18] Problems in K-LGR proposal
Yong-hyu Ban
yhban at quendi.moe
Wed Feb 14 16:36:37 UTC 2018
There are several critical issues in the current K-LGR proposal which
will cause some attack vectors. Also, this proposal is not practical in
current Korean language usage.
First, This proposal may allow homograph attack between Hangul and
Hanja. Homoglyph issue between Hangul and Hanja is well known but this
proposal didn't address that issue correctly.
Here is wiki page which has some list of homoglyphs between Hangul and
Hanja:
https://namu.wiki/w/%EC%95%BC%EB%AF%BC%EC%A0%95%EC%9D%8C?rev=1560#s-2.7
Also, this proposal didn't address homoglyphs in Hanja character set,
which may cause problems in the same way.
Second, Hangul-Hanja mixture causes combination problem. Since
combination grows exponentially in given choices, three-word composed
domain name yields 2^3 possibilities, which causes 8 possible domain
name combination. If domain name registrant missed some of its possible
combinations, an attacker may abuse unregistered combination for
malicious usage like phishing.
Third, their example about Hangul-Hanja mixed usage is quite out of date
and overexaggerated. Section H.4.2 claims some trademarks use
Hangul-Hanja mixture, but they're quite outdated. Samsung does not use
that logo in production anymore. Also, Hyundai does not use that logo.
Kumho and Dusan nither. They switched their trademark to English one or
Korean one or English-Korean mixed one. Section H.6 overexaggerates
status of Hanja education in Korea. In Section H.6.2, it says Hanja will
be used in parallel with Hangul, but it is outdated information. Also,
Hanja education is no longer mandatory in public schools.
Since this proposal overexaggerated Hanja usage in Korea, its usefulness
is overestimated and will be smaller than possible misuses of this proposal.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xD45A08B1C90BFC23.asc
Type: application/pgp-keys
Size: 4837 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/comments-korean-lgr-25jan18/attachments/20180215/6442f543/0xD45A08B1C90BFC23.asc>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mm.icann.org/pipermail/comments-korean-lgr-25jan18/attachments/20180215/6442f543/signature.asc>
More information about the Comments-korean-lgr-25jan18
mailing list