Re: IDN security violation? Please comment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



"JFC (Jefsey) Morfin" <jefsey@xxxxxxxxxx> writes:

> Could not a correct solution be to have an option warning the 
> user/preventing the use when the IRI's IDN part does not use codes 
> belonging to the used language ccTLD IDN table?

I agree that this can be part of the counter-measures to this security
problem.  I encourage application writers to implement that approach,
by using an API that is part of libidn:

http://josefsson.org/libidn/manual/html_node/TLD-Functions.htm

Alas, some ccTLDs doesn't appear to understand the problem.  Perhaps
we can raise awareness of the problem with them.  Then maybe ccTLDs
will publish lists of permitted code points under an acceptable
license.

Thanks,
Simon

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]