On Fri, Feb 14, 2025 at 1:44 PM Paul Hoffman <phoffman@xxxxxxxxxx> wrote:
On 14 Feb 2025, at 12:26, Brian E Carpenter wrote:
>
> No, but IDN makes it worse. We can be pretty sure that if the ASCII
> part of DNS becomes more resistant to domain name look-alikes, IDNA
> will be exploited instead.
Sorry to be repetitive, but how does this addition to a widely-implemented 15-year-old standard help, particularly with no evidence?
I don't understand the rest of this argument, but I can tell you that any service or application that mixes languages has code for this problem, because some jerk will try to exploit this issue immediately. I know it from Mozilla. This one is more than ten years old:
but also Twitter as well, where people would try to make look-alike usernames.
thanks,
Rob
-- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx
