IETF Logo Mail Archive

Re: [idn] punctuation

Erik van der Poel <erik@vanderpoel.org> Thu, 24 February 2005 19:58 UTC

Received: from psg.com (mailnull@psg.com [147.28.0.62]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA07878 for <idn-archive@lists.ietf.org>; Thu, 24 Feb 2005 14:58:50 -0500 (EST)
Received: from majordom by psg.com with local (Exim 4.44 (FreeBSD)) id 1D4P4Q-0007zV-6s for idn-data@psg.com; Thu, 24 Feb 2005 19:54:46 +0000
Received: from [207.115.63.98] (helo=pimout4-ext.prodigy.net) by psg.com with esmtp (Exim 4.44 (FreeBSD)) id 1D4P4P-0007zE-1B for idn@ops.ietf.org; Thu, 24 Feb 2005 19:54:45 +0000
Received: from [10.1.1.2] (adsl-64-174-147-206.dsl.sntc01.pacbell.net [64.174.147.206]) by pimout4-ext.prodigy.net (8.12.10 milter /8.12.10) with ESMTP id j1OJsQHb209220; Thu, 24 Feb 2005 14:54:31 -0500
Message-ID: <421E30F2.1040408@vanderpoel.org>
Date: Thu, 24 Feb 2005 11:54:26 -0800
From: Erik van der Poel <erik@vanderpoel.org>
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: John C Klensin <klensin@jck.com>
CC: tedd <tedd@sperling.com>, idn@ops.ietf.org
Subject: Re: [idn] punctuation
References: <421B8484.3070802@vanderpoel.org> <20050223072837.GA21463~@nicemice.net> <D872CCF059514053ECF8A198@scan.jck.com> <421D8411.9030006@vanderpoel.org> <p06210208be4390618c81@[192.168.0.101]> <421E0D0C.2000309@vanderpoel.org> <p06210202be43c3888991@[192.168.0.101]> <E07CE813AD23B2D95DA0C740@scan.jck.com>
In-Reply-To: <E07CE813AD23B2D95DA0C740@scan.jck.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on psg.com
X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.0.1
Sender: owner-idn@ops.ietf.org
Precedence: bulk
Content-Transfer-Encoding: 7bit

John C Klensin wrote:
> We can try
> to restrict characters that are clearly dangerous, adopting, if
> necessary, a view that the fact someone wants to register or use
> a particular string doesn't mean that they are entitled to do
> so.

You can write RFCs, move them to STD status, and jump up and down all 
you want, but you can't stop domain name owners from creating "deep" 
sub-domains with deceptive names that make the important part of the 
name go off the end of the display area.

> We
> can use the UDRP and/or the legal system in various countries to
> push back on those who register deceptive names and on the
> registrars and registries that encourage the registration of
> such names.

The registrars and registries are not the problem. The domain name 
owners are. If a poor individual has created a deceptive name that hurts 
a huge company, that company may go after Microsoft (since it has deep 
pockets) instead of the poor person.

So, the apps' current way of displaying the domain name (right-to-left) 
in left-to-right cultures is the problem. I tried to make the case that 
this is even a problem in the ASCII DNS (regardless of IDN), since 
hyphens are allowed in most DNS implementations. I wonder if a phisher 
would only have to change their own DNS server to get other characters 
(like ASCII slash '/') into the names? Or would many of the DNS clients 
refuse to lookup names containing such characters? (I tried to create a 
name containing ASCII slash yesterday, but my DNS server wouldn't accept 
it.)

Hasn't this stuff been covered in any RFC yet?

Erik

v2.23.0 | Report a Bug | By Email