[LINK] ICANN's non-Latin domain names

Kim Davies kim at cynosure.com.au
Sun Jan 3 18:45:47 AEDT 2010

On Jan 2, 2010, at 7:21 PM, Fred Pilcher wrote:

> Richard Chirgwin wrote:
>> In Firefox on Linux, the remapping is visible. Gee, what a great 
>> phishing opportunity ... habituate users to URL remapping. *Great* idea, 
>> Batman!
> Not here. I see mañana.com.
> What's happening I wonder.

Firefox showing the A-label form of the domain (i.e. prefixed with xn--) is their method of limiting the impact of homographic attacks. The idea is that for untrusted top-level domains, they will at least convert to the wire form and the end user might get that something is up when they see http://www.xn--pypal-4ve.com/ in their address bar after they type in paypal.com with a Cyrillic 'a'. All top-level domains are untrusted (including .com), unless Firefox has whitelisted them. Its whitelist is quite small.

Safari has a different approach of whitelisting scripts (character collections in the Unicode standard), rather than TLDs. 

FWIW, Firefox initially responded to the idea of homographic attacks by disabling IDN support altogether, which was not well supported by the domain community (the European top-level domain operator's response is at http://www.circleid.com/posts/centr_statement_on_idn_homograph_attacks/).
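
Added example, not part of the original message and not browser code: a Python sketch of the two display policies described above, a TLD whitelist and a script whitelist, each falling back to the A-label (xn--) form. The whitelist contents and function names are assumptions made for illustration, and the script test is an approximation based on Unicode character names.

```python
import unicodedata

# Constructed whitelists for illustration; not Firefox's or Safari's real lists.
TRUSTED_TLDS = {"example"}
ALLOWED_SCRIPTS = {"LATIN"}


def to_a_label(host: str) -> str:
    """Wire (A-label) form: each non-ASCII label becomes xn--<punycode>."""
    return host.encode("idna").decode("ascii")


def to_unicode(wire: str) -> str:
    """Inverse of to_a_label: decode xn-- labels back to Unicode."""
    return wire.encode("ascii").decode("idna")


def display_by_tld(host: str) -> str:
    """TLD-whitelist policy: show Unicode only under a trusted TLD."""
    wire = to_a_label(host)
    tld = wire.rsplit(".", 1)[-1]
    return to_unicode(wire) if tld in TRUSTED_TLDS else wire


def scripts_in(label: str) -> set:
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def display_by_script(host: str) -> str:
    """Script-whitelist policy: show Unicode only if every letter's script is allowed."""
    wire = to_a_label(host)
    shown = to_unicode(wire)
    for label in shown.split("."):
        if not scripts_in(label) <= ALLOWED_SCRIPTS:
            return wire  # a non-whitelisted script is present: show the wire form
    return shown


if __name__ == "__main__":
    # Constructed inputs: Latin n-with-tilde, and "paypal" with a Cyrillic U+0430.
    for host in ("ma\u00f1ana.com", "ma\u00f1ana.example", "www.p\u0430ypal.com"):
        print(f"{host!r}: tld={display_by_tld(host)} script={display_by_script(host)}")
```
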


