>>Nah. It's poor design of IDN. They should have disallowed mixing 
>>characters from different scripts in one URL. It wouldn't have ruled out 
>>all of the problems, but most of them.
>I disagree. There are plenty of cases in which scripts are mixed 
>naturally in languages that use non-Latin scripts. For example, many 
>languages use the Latin digits in preference to native script digits. 
>Should we allow the Latin digits into a non-ASCII domain name? Oh, the 
>slippery slope...
>For that matter, I can construct a perfect "paypal" string using ONLY 
>Cyrillic letters. Restriction to one script doesn't prevent the homograph 
>attack. It just requires one to be more clever.
>U+0440 U+0430 U+0443 U+0440 U+0430 U+04C0 looks just as good in my browser...
My, that's ingenious. If I was paypal, I'd be rushing to register all 
those domains right now. Could you please have a look at the discussion 
that's been going on on Bugzilla regarding the Mozilla and Firefox aspects 
of this problem? It's at

Yes, we thought of preventing script mixing (but making a special case for 
the digits and hyphen-minus), but your example is rather alarming.
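
Added example, not part of the original messages: a Python sketch of why the single-script rule discussed above (with digits and hyphen-minus exempted) accepts the all-Cyrillic string quoted in the thread, and how a lookalike "skeleton" comparison against a protected name still flags it. The `LOOKALIKES` table, the function names and the name-prefix script heuristic are assumptions made for illustration.

```python
import unicodedata

# Constructed, minimal lookalike map covering only the code points quoted in
# the thread; a real check would use the full Unicode confusables data.
LOOKALIKES = {
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u04c0": "l",  # CYRILLIC LETTER PALOCHKA
}

NEUTRAL = set("0123456789-")  # the digits and hyphen-minus special case


def scripts(label):
    """Approximate each character's script by the first word of its Unicode
    name (assumption: the standard library exposes no Script property)."""
    found = set()
    for ch in label:
        if ch in NEUTRAL:
            continue
        found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def passes_single_script_rule(label):
    """The 'no script mixing' policy: at most one script per label."""
    return len(scripts(label)) <= 1


def skeleton(label):
    """Fold each character to the Latin letter it resembles, if any."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in label)


def impersonates(label, protected):
    """True when label is not the protected name itself but renders like it."""
    return label != protected and skeleton(label) == protected


# The code points given in the thread: U+0440 U+0430 U+0443 U+0440 U+0430 U+04C0
THREAD_LABEL = "\u0440\u0430\u0443\u0440\u0430\u04c0"

if __name__ == "__main__":
    print("scripts:", scripts(THREAD_LABEL))
    print("passes single-script rule:", passes_single_script_rule(THREAD_LABEL))
    print("impersonates 'paypal':", impersonates(THREAD_LABEL, "paypal"))
```

The script rule and the skeleton check answer different questions, so a registry or browser would need both: the first rejects mixed labels, the second catches whole-script lookalikes of names it wants to protect.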

