"JFC (Jefsey) Morfin" <jefsey@xxxxxxxxxx> writes: > Could not a correct solution be to have an option warning the > user/preventing the use when the IRI's IDN part does not use codes > belonging to the used language ccTLD IDN table? I agree that this can be part of the counter-measures to this security problem. I encourage application writers to implement that approach, by using an API that is part of libidn: http://josefsson.org/libidn/manual/html_node/TLD-Functions.htm Alas, some ccTLDs doesn't appear to understand the problem. Perhaps we can raise awareness of the problem with them. Then maybe ccTLDs will publish lists of permitted code points under an acceptable license. Thanks, Simon _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf