[Cryptography] On those spoofed domain names...
John Ioannidis
ji at tla.org
Sat Mar 10 13:32:44 EST 2018
On Fri, Mar 9, 2018 at 5:50 PM, Ray Dillinger <bear at sonic.net> wrote:
>
>
> accumulation" is not design. It produces piles, not structures. And
> Unicode is a pile.
>
"Piles" as in "haemorrhoids"? :)
While I do not disagree that Unicode is an abomination, it is not Unicode's
fault that the IETF decided that internationalized domain names with native
character sets was a good idea.
We've had these problems problems for a long time, for example with people
confusing an I with an l because MSFT at some point decided that a
sans-serif font was better on the crappy displays of that time, and
everybody is now using sans-serif fonts for email and for browser bars, to
mention only two obvious things that aggravate me. Remember paypa1.com?
The underlying *security* problem is that people trust the name they read.
Or that even if they've read it "correctly" it somehow means something.
That's certainly not Unicode's fault.
/ji
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180310/40041fbb/attachment.html>
More information about the cryptography
mailing list