[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] On those spoofed domain names...

In article <e7d858f4-a982-6b23-e06e-9de33487df31 AT echeque.com> you write:
>The solution is obvious:
>Map every domain to a canonical look alike

To put it mildly, this is not exactly a new idea.  You might want to
read up on terms like normalization and variants and IDNA to see how
not-new it is.

What people who have actually tried it have found it is that it only
gets you so far, because there is a strong cultural aspect to whether
things look alike.  For example, to someone who speaks English, the
letters O and Ø look similar, but if you speak Danish or Norwegian
they're completely different.  On the other hand, to an English
speaker, 246 and 二四六 look very different, but if you speak Chinese,
they're pretty much interchangable.  This doesn't even scratch the
surface of the messes that arise when you have left-to-right and
right-to-left scripts and try to combine them.

The cryptography mailing list
cryptography AT metzdowd.com