On 18-jul-2005, at 23:43, Crist Clark wrote:
Isn't someone more eloquent than I going to point out that spending a lot of effort eliminating homographs from DNS to stop phishing is a security measure on par with cutting cell service to underground trains to prevent bombings? It focuses on one small vulnerability that phishers exploit, and "fixing" this one vulnerability just may make things worse.

If you make a bunch of assumptions (SSL certificate chain is ok, binary is trustworthy, etc) you can be sure that when it says https://www.blah.com/ in your browser, you're actually communicating with the entity holding the name www.blah.com in a secure way. So when something that looks exactly like www.blah.com is in fact different from www.blah.com, that's a pretty big deal because it breaks the whole system. So how would fixing this make things worse? And what else should we be doing instead?
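The distinction the reply draws, as an added example that is not part of this thread: a constructed lookalike of www.blah.com whose second label contains a Cyrillic letter, converted to the IDNA (punycode) form that DNS actually resolves, plus a simplified mixed-script check of the kind browsers later adopted to decide when to display punycode instead of the Unicode form. The hostnames and helper names are assumptions of mine, not anything from the list discussion.

```python
import unicodedata

# Constructed sample hosts. In HOMOGRAPH_HOST the "a" of the second label is
# CYRILLIC SMALL LETTER A (U+0430), which renders identically to Latin "a".
ASCII_HOST = "www.blah.com"
HOMOGRAPH_HOST = "www.bl\u0430h.com"


def script_of(ch):
    """Coarse script class taken from the Unicode character name, e.g.
    'CYRILLIC SMALL LETTER A' -> 'CYRILLIC'. ASCII letters and digits are
    treated as LATIN."""
    if ch.isascii():
        return "LATIN"
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"


def label_scripts(label):
    """Set of scripts used in one DNS label (hyphens ignored)."""
    return {script_of(c) for c in label if c != "-"}


def to_ascii(host):
    """IDNA/punycode form: what is sent to DNS and what a certificate names.
    Two hosts that look the same on screen differ unmistakably here."""
    return host.encode("idna").decode("ascii")


def mixed_script_labels(host):
    """Labels that mix scripts. This is a simplified version of the
    mixed-script test browsers apply before showing a Unicode hostname."""
    return [lbl for lbl in host.split(".") if len(label_scripts(lbl)) > 1]


def display_form(host):
    """Show the Unicode form only when every label is single-script;
    otherwise fall back to punycode so the user can see the difference."""
    return to_ascii(host) if mixed_script_labels(host) else host


if __name__ == "__main__":
    for h in (ASCII_HOST, HOMOGRAPH_HOST):
        print(repr(h), "->", to_ascii(h), "| displayed as:", display_form(h))
```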