List: kde-bugs-dist
Subject: [Bug 98788] Possible solution to IDN domain spoofing/phising
From: Peter Thomassen <info () peter-thomassen ! de>
Date: 2005-03-28 19:46:39
Message-ID: 20050328194639.16893.qmail () ktown ! kde ! org
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
http://bugs.kde.org/show_bug.cgi?id=98788
------- Additional Comments From info peter-thomassen de 2005-03-28 21:46 -------
Referring to both comment #51 and comment #52:
Good idea, but I think charset-based character checks are better because German speakers (ISO-8859-1, Latin-1) usually don't use Celtic characters (ISO-8859-14, Latin-8) and vice versa, even though both charsets are Latin-based; there shouldn't be any need to mix charsets up. In this case, we really could avoid confusion because of an accent.

Section-wise charset mixing is good, but imagine h-p.com (Hewlett-Packard) is registered again using another charset for one or both characters. See below.
Configurability:
- Checkbox to enable IDN protection and show the other options (activated by default).
- Select list to activate one or more charsets, preventing attacks on domain names that can be imitated using a single charset. By default, only enable the charset according to the localization used. Since pure ASCII is always allowed, it is not included in the charset list. UTF-8 isn't either, because it would disable IDN protection.
- Radio boxes to allow mixture of charsets
  * never (default, this is most secure)
  * section-wise
  * level-wise (subdomain-wise)
- Maybe a checkbox to enable either only letters (default), or the whole charset (including punctuation and special symbols). Although this actually is a registry task, we shouldn't trust them ... they can change.

If the last option is not implemented (allowing the whole charset), checks are simple: Just try to convert from UTF-8 to one of the good charsets. If this fails, trigger a warning.
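
The conversion check and the three mixing policies proposed in the message above, sketched as an added example that is not part of the original message or of KDE's code. The function names are hypothetical, and treating a "section" as a hyphen-separated part of a label is an assumption drawn from the h-p.com remark.

```python
# Added example; fits, to_unicode, split_units and check_idn are hypothetical names.

def fits(text, charset):
    """True if text converts from Unicode to charset without loss."""
    try:
        text.encode(charset)
        return True
    except UnicodeEncodeError:
        return False

def to_unicode(hostname):
    """Decode ACE ("xn--") labels so the check sees the real characters."""
    out = []
    for label in hostname.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        out.append(label)
    return ".".join(out)

def split_units(hostname, mixing):
    """Return the pieces that must each fit a single charset."""
    if mixing == "never":
        return [hostname]                      # whole name, one charset
    labels = hostname.split(".")
    if mixing == "level":
        return labels                          # one charset per (sub)domain level
    if mixing == "section":
        # Assumption: sections are the hyphen-separated parts of a label.
        return [part for label in labels for part in label.split("-")]
    raise ValueError("unknown mixing policy: " + mixing)

def check_idn(hostname, enabled, mixing="never"):
    """Return the units that fit no allowed charset; empty list means no warning."""
    # Pure ASCII is always allowed, so it is tried first and is not in `enabled`.
    charsets = ["ascii"] + list(enabled)
    return [unit for unit in split_units(to_unicode(hostname), mixing)
            if not any(fits(unit, cs) for cs in charsets)]

if __name__ == "__main__":
    latin = ["iso-8859-1", "iso-8859-14"]      # Latin-1 and Latin-8, as in the message
    # Constructed sample names: U+0430 is Cyrillic "a"; U+00FE exists only in
    # Latin-1 and U+0175 only in Latin-8.
    for name, mixing in [("bücher.de", "never"), ("p\u0430ypal.com", "never"),
                         ("\u00fe-\u0175.example", "never"),
                         ("\u00fe-\u0175.example", "section")]:
        bad = check_idn(name, latin, mixing)
        print(name, mixing, "WARN " + repr(bad) if bad else "ok")
```

Because every ISO-8859 charset contains ASCII, a name that mixes ASCII letters with look-alikes from one enabled charset still converts cleanly, so the check only helps for charsets the user has not enabled. This is why the proposed default of enabling only the locale's charset matters.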