Home page logo
/

nanog logo nanog mailing list archives

Re: Dear RIPE: Please don't encourage phishing
From: Valdis.Kletnieks () vt edu
Date: Sun, 12 Feb 2012 14:55:48 -0500

On Sun, 12 Feb 2012 16:59:36 +0900, Masataka Ohta said:
The problem is greekbank.gr is spoofable as greekbank.gr.

That would be the .gr registry's problem then.  They could take the same
solution as the .ua registry -force lowercase and allow all-latin or all-greek
names.

Oh, what do you know... they *do* do something similar.
https://grweb.ics.forth.gr/tomcat_docs/AP592_012_2011_.pdf
See page 5 and 6, in particular:

8. Any [.gr] Domain Names that are homographs of a [.gr] Domain Name
already assigned shall be automatically reserved for the Holder of the
above assigned [.gr] Domain Name and shall be activated following the
Holder's submission of an activation declaration to the Registry.

So how do you spoof greekbank.gr with greekbank.gr under those rules?

No, the simple solution against such a simple problem is to
use proper font, because all the people know that '0' and 'o'
are different characters and treat them differently.

Well then, if all that's required is a "proper font",  what is the problem with
your Saitoh families? You said they were "represented by 4 similar but
different characters, which is distinguished by people named "Saitoh" but not
distinguished by most others,"  Why can't *they* use a "proper font" that makes
the difference between the 4 characters recognizable?  After all, *they*
know the 4 characters are different and can treat them differently, right?

(And no, it's *not* "different for kanji" - it's the exact same problem and you
know it.  In both cases, (I/l and your Sai issue), the problem is similar
glyphs.  Don't bother replying to suggest a fix for the lower-l/upper-I issue
unless the *same* fix applies to your Sai issue).

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]