Steve, At 09:35 PM 2/3/2002 -0500, Steven M. Bellovin wrote: >There'a a good discussion of the security risks of the code point >problem at http://www.csl.sri.com/users/neumann/insiderisks.html#140
homographic attacks are not new with the IDN effort. for example, MICROS0FT.COM was done. For that matter, choice of different top-level domains permits a degree of homographic attack. Try looking at dnso.com, rather than dnso.org. (No, this approach does not qualify precisely as homographic, but it takes advantage of a small difference from the real name, hoping that users will not notice. And it does work.) Hence, the IDN work does not introduce a new risk. d/ ---------- Dave Crocker <mailto:[EMAIL PROTECTED]> Brandenburg InternetWorking <http://www.brandenburg.com> tel +1.408.246.8253; fax +1.408.273.6464
