Return-Path: Received: from murder ([unix socket]) by eikenes.alvestrand.no (Cyrus v2.2.8-Mandrake-RPM-2.2.8-4.2.101mdk) with LMTPA; Wed, 11 May 2005 17:41:15 +0200 X-Sieve: CMU Sieve 2.2 Received: from localhost (localhost.localdomain [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 6402B61B05 for ; Wed, 11 May 2005 17:41:15 +0200 (CEST) Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 25661-07 for ; Wed, 11 May 2005 17:41:13 +0200 (CEST) X-Greylist: domain auto-whitelisted by SQLgrey-1.4.8 Received: from psg.com (psg.com [147.28.0.62]) by eikenes.alvestrand.no (Postfix) with ESMTP id D1D2361AF1 for ; Wed, 11 May 2005 17:41:12 +0200 (CEST) Received: from majordom by psg.com with local (Exim 4.50 (FreeBSD)) id 1DVtIt-000DdR-07 for idn-data@psg.com; Wed, 11 May 2005 15:39:19 +0000 Received: from [63.247.74.122] (helo=montage.altserver.com) by psg.com with esmtps (TLSv1:DES-CBC3-SHA:168) (Exim 4.50 (FreeBSD)) id 1DVtIs-000DdC-8Y for idn@ops.ietf.org; Wed, 11 May 2005 15:39:18 +0000 Received: from lns-p19-2-idf-82-251-106-212.adsl.proxad.net ([82.251.106.212] helo=jfc.afrac.org) by montage.altserver.com with esmtpa (Exim 4.44) id 1DVsga-0006W0-4F; Wed, 11 May 2005 07:59:45 -0700 Message-Id: <6.2.1.2.2.20050511161244.04977eb0@mail.jefsey.com> X-Mailer: QUALCOMM Windows Eudora Version 6.2.1.2 Date: Wed, 11 May 2005 16:21:01 +0200 To: "Hallam-Baker, Phillip" From: "JFC (Jefsey) Morfin" Subject: [idn] RE: a way toward homograph resolution ? (was "improving WG operation") Cc: idn@ops.ietf.org In-Reply-To: <198A730C2044DE4A96749D13E167AD3725025B@MOU1WNEXMB04.vcorp. ad.vrsn.com> References: <198A730C2044DE4A96749D13E167AD3725025B@MOU1WNEXMB04.vcorp.ad.vrsn.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - montage.altserver.com X-AntiAbuse: Original Domain - ops.ietf.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - jefsey.com X-Source: X-Source-Args: X-Source-Dir: Sender: owner-idn@ops.ietf.org Precedence: bulk X-Virus-Scanned: amavisd-new at alvestrand.no On 15:29 11/05/2005, Hallam-Baker, Phillip said: > > This cacologic however might be a good way to solve the IDN > > homograph issue and the phishing problem. > >I have been spending most of my time on the phishing problem for three >years. I have yet to see a phishing gang use the DNS IDN loophole for a >phishing attack. Dear Allan, I am afraid you are right due to the low interest in the IDN solution (however punycode is of interest). Why not to document your experience to ccTLDs? We are very concerned about this because we can do nothing about it and people believe we can. What what "techies" say is "don't worry" we know the problem for a long :-). True this is one of the reason why I objected to IDNA. But IDNA is still here? Help welcome! >This is probably because the issue was an administrative one, the cert >should never have issued and in the wake of the paper the CAs I have >talked to have all corrected the issue. CA? >The lookalike DNS name problem was known before the design of SSL >started, remember Micros0ft.com? > >Today the phishing gangs use bigbank-security.com or bigbank-corp.com or >something similar. They are not going to use IDN DNS names until the >application support is much much more comprehensive by which time the >strategy will have changed. > >So in summary no, 'solving' the homolog issue is irrelevant to current >phishing issues and by the time it is relevant I hope :-) Hope? In security? I am afraid we cannot take that risk. >that we would no longer think it is a good idea to try to train users to >recognise DNS or X.500 names as security indicata. We need to make >security much more informative and usable if we want it to be used. Agreed. But how? Unless you forget about the DNS? Do you have specific ideas? jfc