- From: Martin Duerst <duerst@w3.org>
- Date: Wed, 05 Jun 2002 14:16:19 +0900
- To: Chris Lilley <chris@w3.org>, www-tag@w3.org

Hello Chris,

I have been aware of attacks like these (including the Gabrilovich paper) for quite a while. I plan to discuss these and other security problems in more detail in the next IRI draft. Also, the IDNA draft(s) (multilingual domain names) discuss this at quite some length, because some of this is very domain-name specific rather than IRI-specific.

As for mentioning this in charmod, on what level/in what place do you think this should be done? I don't think it should go into section 8, because that basically assumes that one reads the IRI spec. But a note in section 7 (string identity matching, http://www.w3.org/TR/2002/WD-charmod-20020430/#sec-IdentityMatching) may be appropriate. What do you think?

Regards, Martin.

At 17:24 02/05/29 +0200, Chris Lilley wrote:
>Hello www-tag,
>
> Slashdot has picked up a paper from Communications of the ACM about
> URL spoofing using Unicode characters. Apparently a research team
> registered a domain name that looked like "microsoft.com" but used
> two Cyrillic letters for "c" and "o". (Not sure how they would do
> that, since AFAIK domain names are still ASCII). Anyway I thought
> that "security" aspect could be mentioned, perhaps, in charmod.
>
> http://slashdot.org/articles/02/05/28/0142248.shtml?tid=172
>
>--
> Chris mailto:chris@w3.org

Received on Wednesday, 5 June 2002 01:18:01 UTC
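
Added example, not part of the original messages: a check a registry or client could run against the kind of name described in the quoted message. It shows that code-point identity matching already tells the two names apart, and flags labels that mix scripts. The sample name is constructed (which "o" was replaced is an assumption), and deriving the script from the first word of the Unicode character name is a heuristic assumed here because the Python standard library exposes no Script property.

```python
import unicodedata

# Constructed sample: the name from the quoted message with Cyrillic
# U+0441 (es) and U+043E (o) in place of Latin "c" and the first "o".
ASCII_NAME = "microsoft.com"
SPOOFED_NAME = "mi\u0441r\u043esoft.com"


def scripts_in_label(label):
    """Return the set of scripts used by the letters of one DNS label.

    Heuristic (assumption): the script is the first word of the Unicode
    character name, e.g. "LATIN" or "CYRILLIC".
    """
    scripts = set()
    for ch in label:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def mixed_script_labels(name):
    """Return {label: sorted scripts} for each label mixing several scripts."""
    flagged = {}
    for label in name.split("."):
        scripts = scripts_in_label(label)
        if len(scripts) > 1:
            flagged[label] = sorted(scripts)
    return flagged


def differing_code_points(a, b):
    """List (index, code point in a, code point in b) where the strings differ."""
    return [(i, f"U+{ord(x):04X}", f"U+{ord(y):04X}")
            for i, (x, y) in enumerate(zip(a, b)) if x != y]


if __name__ == "__main__":
    # Visually alike, but not identical as code point sequences.
    print("identical:", SPOOFED_NAME == ASCII_NAME)
    print("differences:", differing_code_points(ASCII_NAME, SPOOFED_NAME))
    print("mixed-script labels:", mixed_script_labels(SPOOFED_NAME))
```

A mixed-script check does not catch a label written entirely in one non-Latin script that happens to resemble a Latin name; that case needs a confusables comparison instead.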