> This cacologic however might be a good way to solve the IDN
> homograph issue
> and the phishing problem.

I have been spending most of my time on the phishing problem for three years. I have yet to see a phishing gang use the DNS IDN loophole for a phishing attack. This is probably because the issue was an administrative one, the cert should never have issued and in the wake of the paper the CAs I have talked to have all corrected the issue.

The lookalike DNS name problem was known before the design of SSL started, remember Micros0ft.com? Today the phishing gangs use bigbank-security.com or bigbank-corp.com or something similar. They are not going to use IDN DNS names until the application support is much much more comprehensive by which time the strategy will have changed.

So in summary no, 'solving' the homolog issue is irrelevant to current phishing issues and by the time it is relevant I hope that we would no longer think it is a good idea to try to train users to recognise DNS or X.500 names as security indicata.

We need to make security much more informative and usable if we want it to be used.

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf