Absolutely. I want to see the registrar automatically sign up amazon.com to have all of the possible phishing permutations of that domain so that no one can buy one similar enough to result in successful phishing attacks. This can be easily automated, the hard part is coming up with the rules on what is similar enough and what isn't. It would be a societal study to come up with such a rule set, but it's human nature and human society that we're dealing with when it comes to phishing isn't it?
It's not a societal problem, it's one of perception.
To a dyslexic, www.paylap.com might seem very close to www.paypal.com, but a non-dyslexic person might easily notice that one.
Are you going to register every possible transposition of two letters when you register a domain? Are BMI music going to have to give their domain to IBM?
IMO, the only workable system is a post-hoc one, which means that either domain name registrars have to keep enough info to track down domain owners in real life, or CA cert issuers are. And I know which group it's more likely that we'll persuade to do that.
Gerv _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
