[Idna-update] emoji and security

Asmus Freytag <asmusf@ix.netcom.com> Mon, 12 March 2018 16:48 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/idna-update/hDCq8AJGsmlVxPIW3QgYvqJ48b0>

All,

there's a general consensus that emoji and secure IDNs do not go together.

This is clearly not something that's taken for granted by others.

Read down a few messages in this thread on the Unicode list:

https://www.unicode.org/mail-arch/unicode-ml/y2018-m03/0075.html

to find the suggestion of translating security hash codes into strings
of emoji ostensibly for easier verification:

"So that makes me wonder which one would be quicker for a human to
verify on average? Also, which one is more accurate for a human to
verify? I have no idea. For accuracy, it seems like a lot of thought
was put into the visual uniqueness of Unicode emojis."

Discuss.

A./

PS: the reason I forwarded this is that many people find something
familiar and accessible about emoji and will not understand why there
should be more security concerns about them than about a bunch
of bewilderingly similar and complex Chinese ideographs or a bunch
of "dawn-of-time-emoji" aka Hieroglyphics, both of which are PVALID.
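
Added example, not part of the original message: a simplified Python sketch of the RFC 5892 derived-property rules, showing why ideographs and hieroglyphs come out PVALID while emoji come out DISALLOWED. It implements only the Unassigned, LDH, Unstable and LetterDigits rules (the exception tables, join controls, Old Hangul Jamo and ignorable properties/blocks are omitted), the function names are hypothetical, and the sample labels are constructed.

```python
import unicodedata

# General categories that RFC 5892 section 2.1 groups as "LetterDigits".
LETTER_DIGITS = {"Ll", "Lu", "Lo", "Nd", "Lm", "Mn", "Mc"}


def is_unstable(ch):
    """RFC 5892 section 2.2: cp != NFKC(casefold(NFKC(cp)))."""
    folded = unicodedata.normalize("NFKC", ch).casefold()
    return unicodedata.normalize("NFKC", folded) != ch


def simplified_idna2008_status(ch):
    """Approximate IDNA2008 derived property for one code point.

    Simplification (assumption): only the rules listed in the lead-in are
    applied, in RFC 5892 order; a full implementation needs the other rules.
    """
    category = unicodedata.category(ch)
    if category == "Cn":
        return "UNASSIGNED"
    if ch == "-" or "0" <= ch <= "9" or "a" <= ch <= "z":
        return "PVALID"  # LDH rule, section 2.4
    if is_unstable(ch):
        return "DISALLOWED"  # e.g. uppercase or compatibility forms
    if category in LETTER_DIGITS:
        return "PVALID"  # letters, digits, combining marks
    return "DISALLOWED"  # symbols (So), punctuation, etc.


def disallowed_in_label(label):
    """Return (code point, name, status) for every non-PVALID character."""
    findings = []
    for ch in label:
        status = simplified_idna2008_status(ch)
        if status != "PVALID":
            name = unicodedata.name(ch, "<unnamed>")
            findings.append(("U+%04X" % ord(ch), name, status))
    return findings


if __name__ == "__main__":
    # Constructed sample labels: CJK ideographs, Egyptian hieroglyphs, emoji.
    samples = ["\u4e2d\u6587", "\U00013000\U00013001", "i\u2764", "\U0001F600"]
    for label in samples:
        print(ascii(label), disallowed_in_label(label) or "all PVALID")
```

The split falls on general category: ideographs and hieroglyphs are letters (Lo), while most emoji are symbols (So), so the derived property says nothing about how visually distinguishable the characters are.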