ICANN/DNSO
DNSO Mailling lists archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

IDN pose a security risk ? (was Re: [ga] The Real World)





Thanks Alex for posting it.

The article title is:
    URLs in Urdu?
    INTERNATIONAL DOMAIN NAMES POSE A NEW SECURITY RISK 
    BY WENDY M. GROSSMAN

The author of article writes:
  On a technical level, homograph URLs are not confusing.
  International domain names depend on Unicode, a standard that
  provides numeric codes for every letter in all scripts worldwide.

As far as I understand, it is not true at least in CJK group 
(Chinese-Japanese-Korean), which is not alphabet based, 
and where Unified Han conflicts with versions of Chinese scripts.
The Unified Han and Unicode system are tied together,
the beginning of Unicode focus on printers, to answer printer's 
industry needs.

Today the CJK community is working together on Unicode usage for IDNs.

More in my briefing paper to the NC IDN TF at:
http://www.dnso.org/clubpublic/nc-idn/Arc00/msg00063.html

We may add to Latin-Cyrillic confusion quoted in the article
that Unicode tables, designed initially for printers, have
also problems even within Latin area. For example the Slavic 
languages code points include characters with double consons, 
like "dz" "cz" .. etc, If you use the basic ASCII for 
say "dz", you will encode two letters as we see it. But there
is also another mean to have exactly the same "dz" printed the same
way, is exist in "Latin Extended B".
There is no means to distinguish the both in printing, therefore
in URL.
I was told by Slavic language linguist that double consons
have been added in Unicode few years ago to prevent the split
of words in inadequate place.

Elisabeth Porteneuve
--

> Date: Thu, 23 May 2002 09:57:41 +0200
> To: "ga@DNSO.org" <ga@dnso.org>
> From: Alexander Svensson <alexander@svensson.de>
> Subject: Re: [ga] The  Real World
> 
> 
> At 22.05.2002 17:15, William S. Lovell wrote:
> >"Need to Know: ICANN CAN'T," Scientific American, 
> >June 2002, p. 21.
> 
> Thanks for forwarding this!
> The "ICANN CAN'T" box accompanies a longer article
> about IDNS security risks. 
> (http://www.sciam.com/2002/0602issue/0602scicit5.html)
> 
> Lauren Weinstein from PFIR says that a regulatory 
> approach will be necessary to prohibit confusing names
> (e.g. homograph names, like microsoft.com incorporating
> Cyrillic "c" and "o") based on the UDRP. "But it will 
> require proactive policing on the part of the registrars, 
> such as VeriSign, something they have typically resisted."
> 
> Best regards,
> /// Alexander
> 
> --
> 
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html



<<< Chronological Index >>>    <<< Thread Index >>>