[Pkg-kde-bugs-fwd] [Bug 98788] Possible solution to IDN domain spoofing/phising

Peter Thomassen 98788@bugs.kde.org
24 Mar 2005 17:40:51 -0000


http://bugs.kde.org/show_bug.cgi?id=98788

------- Additional Comments From info peter-thomassen de  2005-03-24 18:40 -------
Referring to comment #43.

Because black-/whitelists introduce additional questions which I thought could be avoided -- we will see.

You spoke about a Japanese native speaker ... If she adds .jp to her whitelist, any protection is gone. And she _will_ add .jpg. Is this good?

But this brought me to another idea: AFAIK all the Unicode characters belong to a subcharset or an "area", i.e. 0x... to 0x... is Cyrillic, 0x... to 0x... is Chinese, another range is Latin. What about whitelists for those ranges? A German user could specify that all Latin characters are ok, a Japanese one could allow her ones ... These ranges are "good", the others are "bad".

Protection (warning window, blocking) could take place for domains which consist of at least one bad range (i.e. mixed Cyrillic and US ASCII, see paypal, or pure Latin if I'm a Japanese speaker). An exception to this is _pure_ US ASCII, which always should be allowed.
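
The range-whitelist check proposed in the comment above, sketched as an added example; it is not part of the original bug comment and not KDE code. Assumptions: the range names, the function names, evaluating each label separately, counting ASCII letters as Latin, and treating digits and hyphens as neutral are all choices made here for illustration.

```python
# Added illustration of per-range whitelisting; names and policy details are assumptions.
# Spans are inclusive code-point ranges taken from Unicode block boundaries.
RANGES = {
    # A-Z, a-z, then upper half of Latin-1 Supplement through Latin Extended-B
    "latin": [(0x0041, 0x005A), (0x0061, 0x007A), (0x00C0, 0x024F)],
    "cyrillic": [(0x0400, 0x04FF)],
    # Hiragana + Katakana, CJK Unified Ideographs
    "japanese": [(0x3040, 0x30FF), (0x4E00, 0x9FFF)],
}
NEUTRAL = set("0123456789-")  # assumption: belong to no range, never flagged


def range_of(ch):
    """Return the range name for one character, None if neutral."""
    if ch in NEUTRAL:
        return None
    cp = ord(ch)
    for name, spans in RANGES.items():
        if any(lo <= cp <= hi for lo, hi in spans):
            return name
    return "unknown"  # fail closed: unlisted ranges can never be whitelisted


def to_unicode(label):
    """Decode an xn-- (Punycode) label so the check sees the real characters."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def flagged_labels(host, good):
    """Map each suspicious label to the 'bad' ranges it uses; {} means allow."""
    flagged = {}
    for raw in host.lower().split("."):
        try:
            label = to_unicode(raw)
        except UnicodeError:
            flagged[raw] = {"undecodable"}
            continue
        if label.isascii():
            continue  # pure US-ASCII label: always allowed
        bad = {range_of(c) for c in label} - set(good) - {None}
        if bad:
            flagged[label] = bad
    return flagged


if __name__ == "__main__":
    # Constructed sample: U+0430 (Cyrillic a) in place of the Latin "a".
    print(flagged_labels("p\u0430ypal.com", {"latin"}))
```

Because ASCII letters count as Latin here, the mixed label is flagged for a user who whitelisted only Cyrillic as well, while a pure-ASCII label such as `com` or `jp` passes for everyone.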