North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Non-English Domain Names Likely Delayed

  • From: Iljitsch van Beijnum
  • Date: Mon Jul 18 18:04:49 2005

On 18-jul-2005, at 23:43, Crist Clark wrote:

Isn't someone more eloquent than I going to point out that that spending
a lot of effort eliminating homographs from DNS to stop phishing is a
security measure on par with cutting cell service to underground trains
to prevent bombings? It focuses on one small vulnerability that phishers
exploit, and "fixing" this one vulnerability just may make things worse.
If you make a bunch of assumptions (SSL certificate chain is ok, binary is trustworthy, etc) you can be sure that when it says https:// in your browser, you're actually communicating with the entity holding the name in a secure way. So when something that looks exactly like is in fact different from, that's a pretty big deal because it breaks the whole system. So how would fixing this make things worse? And what else should we be doing instead?