[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xri] Homographic attacks
Glenn, Thanks for the extra push. As a purely technical specification for XRI Syntax, there's only so much we can say or require regarding implementations. But registry efforts such as those at XDI.ORG could definitely take stronger steps, and I for one will lobby them to do so. Best, =Drummond -----Original Message----- From: Glenn Fleishman [mailto:glenn@glennf.com] Sent: Monday, February 21, 2005 6:28 PM To: Drummond Reed Cc: 'Dave McAlpin'; xri@lists.oasis-open.org; 'Adam C. Engst' Subject: RE: [xri] Homographic attacks >To help prevent this problem, XRI registries SHOULD institute policies >preventing the registration of deceptive or homographic XRIs, and user >agents that process XRIs SHOULD incorporate safeguards such as warning users >when XRIs contain common homographic characters. This is definitely -- and no offense to the coiners -- too mild. I would argue that the registries should be required to check against a homographic database to prevent obvious spoofing. -- Glenn Fleishman seattle, washington work and home: glennf.com wireless data news: wifinetnews.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]