[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Support of kepler, sputnik, etc and security risks
- From: Florian Weimer <fw@...>
- Date: Wed, 21 Oct 2009 21:28:38 +0200
* Tony Finch:
> On Sat, 17 Oct 2009, David Given wrote:
>>
>> There isn't really a good solution to this --- it's one of the reasons
>> why Unicode domain names have never really taken off.
>
> The solution is generally for TLDs to implement a character set policy.
> For example, .at only allows these non-ascii characters in domain names:
> ä ü ö ë à á â è é ê ì í î ï ò ó ô ù ú û ý ÿ ã å æ ç ð ñ õ ø œ š þ ž
.at can't control what you put into subdomains. So you just have to
put a homograph for "/" into a subdomain and you are done.
But the l1I homographs and the fact that browsers truncate long domain
names at the right end, and not the left, shows that this is a tempest
in a teapot. If those problems were real, vendors would have been
forced to fix them by now. (Back when those issues were raised for
the first time, the URL bar wasn't even a mandatory UI element, it
could be disabled with simple, well-documented Javascript!)
- References:
- Support of kepler, sputnik, etc and security risks, Fernando P. García
- Re: Support of kepler, sputnik, etc and security risks, Jim Whitehead II
- Re: Support of kepler, sputnik, etc and security risks, David Given
- Re: Support of kepler, sputnik, etc and security risks, Tony Finch
