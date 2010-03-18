18/03/10/1125250 story
posted by martyb on Sunday March 11, @10:39AM
from the söylêntnéws.org dept.
Brian Krebs writes on how browsers choose to display IDN. The issue here is of course spoofing valid URLs with visually similar letters. You probably would notice the lame attempt in the department line but some of the international characters are very similar or indeed identical. Depending on your personal preferences it might be a good idea to use punycode instead. Could save you a headache later.
https://krebsonsecurity.com/2018/03/look-alike-domains-and-visual-confusion/
Here are some of the applicable RFCs:
- RFC 3490 - Internationalizing Domain Names in Applications (IDNA)
- RFC 3491 - Nameprep: A Stringprep Profile for Internationalized Domain Names (IDN)
- RFC 3492 - Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA)
- RFC 3986 - Uniform Resource Identifier (URI): Generic Syntax
- RFC 4690 - Review and Recommendations for Internationalized Domain Names (IDNs)
- RFC 5890 - Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework
- RFC 5891 - Internationalized Domain Names in Applications (IDNA): Protocol
- RFC 5892 - The Unicode Code Points and Internationalized Domain Names for Applications (IDNA)
- RFC 5893 - Right-to-Left Scripts for Internationalized Domain Names for Applications (IDNA)
- RFC 5894 - Internationalized Domain Names for Applications (IDNA): Background, Explanation, and Rationale
(Score: 2) by martyb on Sunday March 11, @11:13AM (4 children)
As the person who performed the testing of the implementation of UTF-8 and Unicode support on SoylentNews, I am curious what experiences other Soylentils may have in this area.
How did you perform your testing?
What tools did you find helpful?
What test data or even test suites did you use?
Besides the RFCs, what other documents did you find helpful or instructive?
(Score: 1, Troll) by FatPhil on Sunday March 11, @11:44AM (2 children)
(Score: 2) by FatPhil on Sunday March 11, @12:11PM
Modding me "troll" for simply stating my *entirely justifiable* opinion is cowardly.
The fact that punycode exists is all the proof you need that DNS was never intended to support non-ASCII. The second someone mentioned the idea of expanding the alphabet the wiser thinkers said "you'll get spoofing if you do that" - that was decades ago. We, or they, didn't listen, and now we've got an unresolvable mess, just because some PC types wanted to be "inclusive". Fuck inclusivity - which bit of "<letter> ::= any one of the 52 alphabetic characters A through Z in upper case and a through z in lower case" do you fail to understand?
(Score: 2) by maxwell demon on Sunday March 11, @12:16PM
Well, the biggest problem with inventing your own internet is getting other people build and to use it. I think I'll finish my work on a time machine first. ;-)
(Score: 2) by c0lo on Sunday March 11, @11:56AM
(Score: 2) by c0lo on Sunday March 11, @11:53AM
