On 11/02/12 01:16, Masataka Ohta wrote: > Randy Bush wrote: > >>> My $0.02 on this issue is if the message is rich text I hover over the link >>> and see where it actually sends me. >> idn has made this unsafe > I pointed it out at IETF Munich in 1997 that with an example of: > > MICROSOFT.COM > > where 'C' of MICROSOFT is actually a Cyrillic character. > > But, people insisted working on useless IDN. > > Masataka Ohta > >
Techniques to deal with this sort of spoofing already exist: see http://www.mozilla.org/projects/security/tld-idn-policy-list.html for one quite effective approach. -- Neil
