| |||||||||||||
|
| |||||||||||||
New IDN Homograph Spoofing Response: IDN Will Not Be Disabled (MozillaZine)New IDN Homograph Spoofing Response: IDN Will Not Be Disabled (MozillaZine)Posted Feb 23, 2005 13:19 UTC (Wed) by forthy (guest, #1525)In reply to: New IDN Homograph Spoofing Response: IDN Will Not Be Disabled (MozillaZine) by ekj Parent article: New IDN Homograph Spoofing Response: IDN Will Not Be Disabled (MozillaZine)
"paypal vs. paypaI" (with capital "I" instead of lowercase "l"): That's "solved" with normalizing URLs to all-lowercase letters (paypaI->paypai). Punycode is a bad solution at a real problem. The real problem is that people want (and need) localized URLs. Not so much in the world with latin letters, but the rest is at least as large. The solution simply is wrong: You don't want context-free localized URLs, i.e. you don't want Unicode. My suggestion is to drop punycode, and create a stringent set of transformations into ASCII. If you want a Chinese domain (e.g. for xinhua, the Chinese news service), you get "xinhua.zn". You are allowed to enter that text in Chinese, the transition process makes sure that you can type something like 薪华.中 in your web-browser, and still get what you need (you have to agree on a particular transcript, though). You could still even see what you need when there's a backmapping for the preferred rendering. This should be a DNS entry, i.e. if you buy "xinhua.zn", you can ask for such an entry. The entry has to follow the rules (i.e. it has to forward translate to "xinhua.zn"), and can probably also follow further rules (if it's a .zn domain, e.g. it should be Chinese). BTW LWN: I really wanted these &#xHEX; as above in my text, there's no fucking unescaped & in there. They would show up as unicode Chinese characters to prove my point :-(.
(Log in to post comments)
|
|
||||||||||||