[Pkg-kde-bugs-fwd] [Bug 98788] Possible solution to IDN domain spoofing/phising
Thiago Macieira
98788@bugs.kde.org
28 Mar 2005 14:09:15 -0000
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
http://bugs.kde.org/show_bug.cgi?id=98788
------- Additional Comments From thiago kde org 2005-03-28 16:09 -------
You have raised a point I had forgotten about: the one label, one script rule -- what you proposed in comment #44.
So, a set of letter and letter-like glyphs glued together must belong all to the same script, or a warning is triggered. That way, Russian-speakers will still be warned if a Cyrillic A (a valid character for their script) is found in the middle of a Latin-based label, such as the paypal case.
Now, having said that, it is possible to accomplish that with the language list: the label must be either all ASCII, or fall within the language rules. So, for Greek speakers, it must be either be entirely written in ASCII, or entirely written in Greek.
This will generate warnings for sites like www.the-α-site.com, for everyone. We could relax the rule to a "one section, one script", if we wanted to.
I think we have reached a point where we can start discussing implementation. First thing is: how do we detect the language? Given that we're talking about a KDE-wide setting, this cannot be a Konqueror config (in fact, Konqueror sends its Accept-Language header based on the global config).
Any opinions on how configurable this must be? On one extreme, we can do it all without any configuration options.