Yes, that may lock down the homograph thing, but it does nothing to address the wider class of attacks.
Indeed not. Did I say it was the only solution? I was merely commenting on your use of the Shmoo example.
I'm confused by one thing. Why is it that the Shmoo IDN bypassing was so strongly reacted to, when the whole phishing thing has been going on for years now, and has not received even a tenth as much recognition as Shmoo achieved in a weekend?
In a nutshell, because the Shmoo group exploit makes this:
http://www.gerv.net/security/stay-safe/
not true. For that reason, "the Shmoo attack" is _not_ a shorthand for a whole wider class of attacks.
Gerv _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
