11 Feb
2012
11 Feb
'12
11:04 a.m.
On 11/02/12 01:16, Masataka Ohta wrote:
Randy Bush wrote:
My $0.02 on this issue is if the message is rich text I hover over the link and see where it actually sends me. idn has made this unsafe I pointed it out at IETF Munich in 1997 that with an example of:
MICROSOFT.COM
where 'C' of MICROSOFT is actually a Cyrillic character.
But, people insisted working on useless IDN.
Masataka Ohta
Techniques to deal with this sort of spoofing already exist: see http://www.mozilla.org/projects/security/tld-idn-policy-list.html for one quite effective approach. -- Neil