Hi,* Richard Lewis <richard.lewis.deb...@googlemail.com> [2024-11-21 * 22:05]:
I have no experience with bidirectional attacks, but browsers mitigate homograph attacks in IDNs by disallowing mixed alphabets such as cyrillic and latin letters in the same name. That seems to be a reasonable restriction for user names as well.would allowing utf-8 enable some of the abuse described at https://lwn.net/Articles/874951/ ?as usernames appear in logs and other output (and are passed to all sorts of commands), it seems a bad idea to be too permissive or to change from historic practice by default, even though from a user pov it would be nice to have the option
Cheers Timo -- ⢀⣴⠾⠻⢶⣦⠀ ╭────────────────────────────────────────────────────╮ ⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │ ⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │ ⠈⠳⣄⠀⠀⠀⠀ ╰────────────────────────────────────────────────────╯
signature.asc
Description: PGP signature
