-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Friday 2007-10-05 at 13:13 +0100, Dave Howorth wrote:
On Thu, 2007-10-04 at 01:06 +0200, Carlos E. R. wrote:
Another curiosity is that the whois for .com do support IDN, but others,
like .cl or .es, do not - and they should, as they are interested parties
in this.
Also interesting and perhaps relevant is that cl is listed as a good guy
on: <http://www.mozilla.org/projects/security/tld-idn-policy-list.html>
I had no idea of this.
Sadly com is not. Neither is es
So if I read the implications correctly, you may be able to register
spoof domains on .com and the whois will spoof you as well. You can't
register spoof domains on .cl and the whois is completely unambiguous
but a pain unless/until they upgrade their whois. Not sure what the
position of .es is?
They started registering IDN domains only two days ago, but that's about
all I know. The charset they allow is published:
'á', 'à', 'é', 'è', 'í', 'ì', 'ó', 'ò', 'ú', 'ü', 'ñ', 'Ç' and 'l·l'
but I don't know if there is danger in them or not, nor what is the
policy.
- --
Cheers,
Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iD8DBQFHBrH2tTMYHG2NR9URAl5wAKCN3PnU4zN6Oxahgm94gHOotFGIrgCdEfue
ldQU9qTycI8L94ERP0MvUmQ=
=kLgu
-----END PGP SIGNATURE-----
