*shrugs* This has already been the status quo for several years w/ third level domains, ICANN has just approved second level domains and even TLDs. We're going to have some interesting appcompat issues (understatement) as punycode is not at all an OS component yet. So on the one hand, you have this issue having already been dealt with for the last few years, courtesy of the Shmoo guys. On the other hand, you have ICANN creating an expectation for OS developers. Outside of the browser -- and that includes email clients -- people shouldn't really expect these new domains to work entirely properly anytime soon. And, yes, as they do start working properly, we'll see some Punycode vulns pop up.
On Sat, Oct 31, 2009 at 6:14 AM, Larry Seltzer <[email protected]> wrote: > http://www.pcmag.com/article2/0,2817,2355068,00.asp?kc=PCRSS05079TX1K0000992 > > > > So have the security implications of these new domain names really been > thought through? > > > > Larry Seltzer > Contributing Editor, PC Magazine > > [email protected] > > http://blogs.pcmag.com/securitywatch/ > > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
