[Pkg-kde-bugs-fwd] [Bug 98788] Possible solution to IDN domain spoofing/phishing

Peter Thomassen 98788@bugs.kde.org
25 Mar 2005 19:52:02 -0000


http://bugs.kde.org/show_bug.cgi?id=98788         




------- Additional Comments From info peter-thomassen de  2005-03-25 20:51 -------
Referring to comment #45.

| 1) whitelisting of TLDs known to be safe -- those that have implemented rules that restrict the characters allowed, such as .de (allows only ä, ö and ü aside from the normal ASCII ones) 

This list may be outdated one day, which is bad when a registry eases restrictions.

| 2) blacklisting the TLDs known to be unsafe: .com, .net, .org, .biz, etc. 
|
| 3) on top of 1 & 2, implement per-language list of valid characters outside the ASCII range 

Hm. I think a domain under these unsafe TLDs can be considered safe if it consists only of characters that are valid according to the per-language list. So why introduce the blacklist, which, like #1, may be outdated one day?

| 4) create a list of blacklisted characters (Unicode codepoints that look like /, for instance) 

Even though I deem this a good point, I would not implement it since some IDNs would not be accessible otherwise (even without a warning). Because those characters actually should not be in a per-language list (#3), #3 would trigger a warning anyway.

Isn't the per-language list enough?
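
Added example, not part of the comment above or of any KDE code: a sketch of the per-language check the comment argues for, showing that a host is judged the same way under any TLD and that a slash look-alike is caught without a separate character blacklist. The function names, the verdict strings and the "da" list are assumptions; only the .de set (ä, ö, ü) comes from the thread.

```python
import unicodedata

ASCII_LDH = set("abcdefghijklmnopqrstuvwxyz0123456789-")

# Per-language lists of non-ASCII characters. Only the "de" set (ä, ö, ü) is
# taken from the thread; the "da" set is constructed for illustration.
LANGUAGE_CHARS = {
    "de": set("äöü"),
    "da": set("æøå"),
}


def decode_label(label):
    """Return one DNS label in Unicode form, decoding the xn-- ACE prefix."""
    label = label.lower()
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def check_host(host, languages):
    """Return ("show-unicode", []) or ("warn", reasons) for a host name.

    The TLD is never consulted: the verdict depends only on whether every
    character is an ASCII letter, digit or hyphen, or is in a language list.
    """
    allowed = set(ASCII_LDH)
    for lang in languages:
        allowed |= LANGUAGE_CHARS.get(lang, set())

    reasons = []
    for label in host.split("."):
        try:
            text = decode_label(label)
        except UnicodeError:
            # Malformed ACE label: treat as suspicious rather than display it.
            reasons.append("undecodable label: %r" % label)
            continue
        for ch in text:
            if ch not in allowed:
                name = unicodedata.name(ch, "unnamed")
                reasons.append("U+%04X %s" % (ord(ch), name))
    return ("warn", reasons) if reasons else ("show-unicode", [])
```

A "warn" verdict would correspond to the warning discussed in the thread; the reasons list names each character that is outside the user's lists.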