[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.

To: Tosoni <jean-pierre.tosoni@xxxxxxxxxxxxxx>
Subject: Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
From: Riccardo Murri <murri@xxxxxxxxxxxxxxxx>
Date: Fri, 18 Feb 2005 10:56:48 +0100

[Tosoni, Thu, Feb 17, 2005 at 10:20:22AM +0000]
> Back to the original problem, shouldn't the browser check that the
> domain name sought by the user, is only composed from existing keys on
> the user's keyboard, and alert the user otherwise ?

That would restrict US keyboard users from surfing websites with
names from almost any non-English language... 

It would probably be a good way to boycott IDN :)

Riccardo

References:
- RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  - From: Tosoni

Prev by Date: 3com 3CDaemon FTP "USER" Remote BOverflow POC
Next by Date: Re: SHA-1 broken
Previous by thread: RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
Next by thread: [USN-82-1] Linux kernel vulnerabilities
Index(es):
- Date
- Thread