On 7/24/2011 11:03 PM, Jothan Frakes wrote:
Nice work, Andrzej-
You might want to expose the tæst1234.pl (xn--tst1234-mxa.pl) and taest1234.pl homograph potential in this which is something that has occurred since.
Dear Jothan, I have also commented on the discussion @mozilla.org list. I'm really confused what is the strategy of Mozilla regarding "variants" or look-alike domains. I have no problmem with "æ" and "ae", as well as I have no problem with "O" and "0". It's insane to protect us against any similarities, which will lead to very strange and complicated policies. As I know, nobody in Europe has ever used maliciously the case of "æ" (which is allowed by many ccTLD), so maybe this is a dead-end to explore such cases by security experts? Maybe Mozilla and we should rather focus on real-life examples, not theoretical one? As I mentioned in Singapore, I would prefer discussion based on the list of existing "pairs" of look-alike / variant characters (or combination of characters), not the theoretical discussions of what is variant and what is not. If we create a list "pairs" (including example of U+00E6), we can go through the list and make recommendations. Maybe I'm wrong, but we can make our job much easier and more useful in practice if we follow the EXAMPLES, not DEFINITIONS. Andrzej -- *Dr. Andrzej Bartosiewicz*, CEO & President, Yonita Inc. <http://www.yonita.com> phone (US): +1 650 2493707 phone (Poland): +48 518 235209