
Subject: RE: [xri] Homographic attacks


Dave, here's some revised text for the Security and Data Protection section
3.5 (Spoofing) that adds more info about the type of attacks Glenn was
writing about. Feel free to edit and fold this into your O5 draft.

=Drummond 

***START PROPOSED TEXT***

One particularly important security consideration is spoofing, covered both
in [URI] and thoroughly in [IRI] Section 7.5, but deserving of repetition
here. Spoofing is a semantic attack in which an XRI is deliberately
constructed to deceive the user into believing it represents one resource
when in fact it represents another. A common example is mixing script
forms of multiple languages to create homographic characters (characters
that look alike, even to the trained eye). A common example is the Latin
"A", the Greek "Alpha", and the Cyrillic "A".

Spoofing has been used extensively in email "phishing" attacks. As more
browsers add support for Internationalized Domain Names (IDN), it is also
starting to be used in online web links ("pharming"), where not only are
some users less suspicious of fraudulent Web addresses, but the attacker may
even register a corresponding SSL/TLS certificate to make the fraudulent site
look completely secure.

To help prevent this problem, XRI registries SHOULD institute policies
preventing the registration of deceptive or homographic XRIs, and user
agents that process XRIs SHOULD incorporate safeguards such as warning users
when XRIs contain common homographic characters.

***END***
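The safeguard the proposed text asks of user agents (warn when an XRI contains common homographic characters) can be illustrated with a small checker. The code below is an added example for this archive page; it is not part of the thread, the XRI Syntax draft, or any OASIS deliverable. It assumes two things that are not in the message: that the script of a letter can be read from the first word of its Unicode character name (a heuristic, since Python's `unicodedata` does not expose the Script property), and a constructed, deliberately tiny lookalike table standing in for the much larger Unicode confusables data. The checker reports both mixed-script identifiers and whole-script lookalikes (an all-Cyrillic string that renders like Latin text), because the mixed-script test alone misses the latter.

```python
import unicodedata
from dataclasses import dataclass

# Constructed subset of lookalikes (hypothetical; the real Unicode
# confusables list is far larger). Maps a non-Latin letter to the Latin
# letter it resembles on screen.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0410": "A",  # CYRILLIC CAPITAL LETTER A
    "\u0391": "A",  # GREEK CAPITAL LETTER ALPHA
    "\u039f": "O",  # GREEK CAPITAL LETTER OMICRON
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}


def letter_script(ch):
    """Heuristic (assumption): the script of a letter is the first word of
    its Unicode name, e.g. 'CYRILLIC CAPITAL LETTER A' -> 'CYRILLIC'.
    Non-letters (the XRI delimiters =, @, *, !, digits, dots) return None."""
    if not unicodedata.category(ch).startswith("L"):
        return None
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"


def scripts_in(text):
    """Set of scripts used by the letters of text."""
    return {s for s in (letter_script(c) for c in text) if s is not None}


def skeleton(text):
    """Replace every known lookalike with its Latin counterpart, so two
    strings that look the same collapse to the same skeleton."""
    return "".join(CONFUSABLES.get(c, c) for c in text)


@dataclass
class Verdict:
    mixed_scripts: bool   # letters from more than one script
    lookalikes: list      # (index, char, unicode name, resembles)
    scripts: set


def check_xri(xri):
    """Inspect an XRI and report the two homograph signals a user agent
    would warn on: mixed scripts and individual lookalike characters."""
    scripts = scripts_in(xri)
    lookalikes = [
        (i, c, unicodedata.name(c), CONFUSABLES[c])
        for i, c in enumerate(xri) if c in CONFUSABLES
    ]
    return Verdict(len(scripts) > 1, lookalikes, scripts)


def spoofs(candidate, expected):
    """True when candidate renders like expected but is a different string,
    which is exactly the registry-side collision a policy should reject."""
    return candidate != expected and skeleton(candidate) == skeleton(expected)


def describe(xri):
    """Human-readable warning text for a user agent to display."""
    v = check_xri(xri)
    lines = []
    if v.mixed_scripts:
        lines.append("mixed scripts: " + ", ".join(sorted(v.scripts)))
    for i, c, name, latin in v.lookalikes:
        lines.append(f"position {i}: U+{ord(c):04X} {name} looks like '{latin}'")
    return lines or ["no homographic characters found"]


if __name__ == "__main__":
    # Constructed sample identifiers, not real registrations.
    for sample in ("=example", "=ex\u0430mple", "=\u0441\u0430\u0440\u0435"):
        print(repr(sample))
        for line in describe(sample):
            print("   ", line)
    print("spoofs '=cape'?", spoofs("=\u0441\u0430\u0440\u0435", "=cape"))
```

`spoofs()` is the registry-side counterpart of the user-agent warning: an XRI registry applying the SHOULD in the proposed text could compare the skeleton of each new registration against existing ones and refuse a name whose skeleton collides with another registrant's. The script heuristic and the table are placeholders; a production implementation would use the Unicode Script property and the full confusables data.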

-----Original Message-----
From: Dave McAlpin [mailto:Dave.McAlpin@epok.net] 
Sent: Monday, February 21, 2005 5:08 PM
To: Drummond Reed; xri@lists.oasis-open.org
Cc: Adam C. Engst; glenn@glennf.com
Subject: RE: [xri] Homographic attacks

This is already covered to some degree in section 3.5 of Syntax. Can you
take a look at that section and see what's missing?

-----Original Message-----
From: Drummond Reed [mailto:drummond.reed@cordance.net] 
Sent: Monday, February 21, 2005 5:05 PM
To: xri@lists.oasis-open.org
Cc: 'Adam C. Engst'; glenn@glennf.com
Subject: [xri] Homographic attacks

Peter et al:

As phishing continues on the rise, there is an excellent series of articles
in TidBITs by Glenn Fleishman about "homograph" attacks where the attacker
registers an international domain name that is - even to the trained eye -
indistinguishable from the real thing due to the fact that it uses Unicode
characters that appear extremely similar to ASCII characters.

It's become serious enough that they are warning Firefox users to disable
IDN until Firefox comes up with a fix.

I'm copying Adam and Glenn so they know that this is something the XRI TC is
interested in helping prevent with XRIs. (Adam, Glenn, if you want to reply
with more info, you can reply back to me and I'll forward to the list.)

Peter, I think we should mention this in the Security Considerations section
of XRI Syntax.

=Drummond 


