Nice work, Andrzej-
You might want to expose the tæst1234.pl (xn--tst1234-mxa.pl) and
taest1234.pl homograph potential in this which is something that has
occurred since.
https://bugzilla.mozilla.org/show_bug.cgi?id=618051#c12

Dear Jothan,
I have also commented on the discussion @mozilla.org
list.
I'm really confused what is the strategy of Mozilla regarding
"variants" or look-alike domains. I have no problem with "æ" and
"ae", as well as I have no problem with "O" and "0". It's insane to
protect us against any similarities, which will lead to very strange
and complicated policies.
As I know, nobody in Europe has ever used maliciously the case of
"æ" (which is allowed by many ccTLD), so maybe this is a dead-end to
explore such cases by security experts? Maybe Mozilla and we should
rather focus on real-life examples, not theoretical ones?
As I mentioned in Singapore, I would prefer discussion based on the
list of existing "pairs" of look-alike / variant characters (or
combination of characters), not the theoretical discussions of what
is variant and what is not. If we create a list "pairs" (including
example of U+00E6), we can go through the list and make
recommendations.
Maybe I'm wrong, but we can make our job much easier and more useful
in practice if we follow the EXAMPLES, not DEFINITIONS.
Andrzej
-- Dr. Andrzej Bartosiewicz, CEO & President, Yonita Inc.
phone (US): +1 650 2493707
phone (Poland): +48 518 235209
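
Added example, not part of either message above: a sketch of how a registry-side check could apply an explicit list of look-alike pairs to the tæst1234.pl / taest1234.pl case from the thread. The pair list, the function names and the registered-name set are assumptions constructed for illustration; only the U+00E6 pair and the two domain names come from the thread.

```python
import unicodedata

# Hypothetical pair list (assumption): each listed character maps to the form
# it is treated as equivalent to. Only the U+00E6 entry is from the thread.
PAIRS = {
    "\u00e6": "ae",  # "æ" vs "ae"
    "0": "o",        # digit zero vs letter o (the thread's "O" and "0", lowercased)
}


def to_unicode(domain):
    """Decode every xn-- label with the punycode codec; keep other labels."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(unicodedata.normalize("NFC", label))
    return ".".join(labels)


def skeleton(domain):
    """Replace each listed character by its paired form, leave the rest."""
    return "".join(PAIRS.get(ch, ch) for ch in to_unicode(domain))


def find_collisions(candidate, registered):
    """Registered names that differ from candidate but share its skeleton."""
    cand_u = to_unicode(candidate)
    cand_s = skeleton(candidate)
    return sorted(
        name for name in registered
        if to_unicode(name) != cand_u and skeleton(name) == cand_s
    )


# Constructed sample of already-registered names (not real zone data).
REGISTERED = ["taest1234.pl", "example.pl", "t0st.pl"]

if __name__ == "__main__":
    for cand in ("xn--tst1234-mxa.pl", "tost.pl", "example.pl"):
        print(cand, "->", to_unicode(cand), find_collisions(cand, REGISTERED))
```

Because the check is driven only by the entries in `PAIRS`, a character with no listed pair never produces a collision.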