nanog mailing list archives

Re: Non-English Domain Names Likely Delayed


From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Tue, 19 Jul 2005 00:02:35 +0200


On 18-jul-2005, at 23:43, Crist Clark wrote:

Isn't someone more eloquent than I going to point out that that spending
a lot of effort eliminating homographs from DNS to stop phishing is a
security measure on par with cutting cell service to underground trains to prevent bombings? It focuses on one small vulnerability that phishers exploit, and "fixing" this one vulnerability just may make things worse.

If you make a bunch of assumptions (SSL certificate chain is ok, binary is trustworthy, etc) you can be sure that when it says https:// www.blah.com/ in your browser, you're actually communicating with the entity holding the name www.blah.com in a secure way. So when something that looks exactly like www.blah.com is in fact different from www.blah.com, that's a pretty big deal because it breaks the whole system. So how would fixing this make things worse? And what else should we be doing instead?


Current thread: