IETF Logo Mail Archive

Re: [idn] Mac OS X Safari and IDN spoofing

Erik van der Poel <erik@vanderpoel.org> Fri, 25 March 2005 19:22 UTC

Received: from psg.com (mailnull@psg.com [147.28.0.62]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA02276 for <idn-archive@lists.ietf.org>; Fri, 25 Mar 2005 14:22:42 -0500 (EST)
Received: from majordom by psg.com with local (Exim 4.44 (FreeBSD)) id 1DEuId-00049H-V8 for idn-data@psg.com; Fri, 25 Mar 2005 19:16:51 +0000
Received: from [207.115.63.77] (helo=pimout1-ext.prodigy.net) by psg.com with esmtp (Exim 4.44 (FreeBSD)) id 1DEuIc-00048m-OQ for idn@ops.ietf.org; Fri, 25 Mar 2005 19:16:51 +0000
Received: from [10.1.1.2] (adsl-64-174-147-206.dsl.sntc01.pacbell.net [64.174.147.206]) by pimout1-ext.prodigy.net (8.12.10 milter /8.12.10) with ESMTP id j2PJGfmU060668; Fri, 25 Mar 2005 14:16:43 -0500
Message-ID: <42446397.7030100@vanderpoel.org>
Date: Fri, 25 Mar 2005 11:16:39 -0800
From: Erik van der Poel <erik@vanderpoel.org>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Gervase Markham <gerv@mozilla.org>
CC: idn@ops.ietf.org
Subject: Re: [idn] Mac OS X Safari and IDN spoofing
References: <p06210212be663c22ba1c@[10.20.30.249]> <4240917F.30801@mozilla.org> <9271f2a6d20072ae7e9f1cf9e74cce45@seng.cc> <42442A07.2030003@mozilla.org>
In-Reply-To: <42442A07.2030003@mozilla.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on psg.com
X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.0.1
Sender: owner-idn@ops.ietf.org
Precedence: bulk
Content-Transfer-Encoding: 8bit

Gervase Markham wrote:
> James Seng wrote:
>> choose the scripts you use most often that you like to display 
>> normally but otherwise, will display in punycode.
> 
> What sort of effect do you think it will have on IDN acceptance and use 
> if companies using IDN domains know that their domain name will display 
> as gobbledygook in an unknown percentage of their customer's browsers?

Companies, organizations and individuals are permitted to register more 
than one domain name. Companies that operate all over the world may wish 
to register domain names using their local names. It remains to be seen 
whether we will ever reach the point where a large percentage of users 
can view domain names containing characters from their "own" character 
set, but some registrants may wish to register their names now anyway, 
just in case. (Anyone willing to guess what that percentage is at the 
moment?)

I just went to Coca-Cola's site and navigated to their Chinese site to 
try to find out how they "spell" their name in Chinese. I don't know if 
this email is going to work, but here it is: 可口可乐

Then I used IBM's IDN demo to convert it to Punycode: xn--fjqs9k9ab. 
Then I tried the CN and COM domains, and found that the CN one was a 
totally unrelated site, probably a squatter. The COM site was another 
squatter, with "money & sex" in large letters, and "domain names ... for 
sale".

I also tried to find the Taiwanese version of Coca-Cola. Again, this may 
not work: 可口可樂

The Punycode for this is xn--6orxab817t. I tried this name in the TW 
domain and reached Taiwan's NIC, where the Coca-Cola company can now 
register their name for a reasonable price (hopefully). The COM domain 
had another squatter.

So, while we are talking about technical details, squatters are taking 
action...

Erik

PS If I got the Chinese name for Coca-Cola wrong, or the Punycode is 
incorrect, please let me know. This was just an experiment...

v2.23.0 | Report a Bug | By Email