IDN with Gemini?
Sean Conner
sean at conman.org
Tue Dec 8 22:13:19 GMT 2020
It was thus said that the Great Stephane Bortzmeyer once stated:
> On Tue, Dec 08, 2020 at 01:18:07AM +0100,
> Philip Linde <linde.philip at gmail.com> wrote
> a message of 69 lines which said:
>
> > homograph attacks
>
> Homograph attacks are basically a good way to make an English-speaking
> audience laugh when you show them funny Unicode problems (I've seen
> that several times in several meetings: the languages and scripts of
> other people are always funny). No bad guy uses them in real life,
> probably because users typically never check the URI or IRI.
True, there's no need currently for homograph attacks if other, simpler
means are available.
> And they exist with ASCII, too (goog1e.com...)
True. But a more concerning attack is bitsquatting [1], a much harder
attack to thwart. Is it widely used? Hard to say actually.
> > Some browsers deal with homograph attacks by displaying punycode
> > directly based on some basic heuristic (e.g. when a hostname
> > contains both Cyrillic and Latin codes).
>
> Which is awful for the UX. Note that such mangling is never done for
> ASCII, which clearly shows a provincial bias toward English.
>
> > Octet encoded ASCII does have the nice property that there are no
> > homographs, there's no normalization,
>
> This is not true. Since percent-encoding encodes bytes, there are
> still several ways to represent "the same" string of characters and
> therefore normalization remains an issue.
Yes, but by "normalization" they mean precomposed characters (like
"\u{00E9}") vs. combining characters (like "e\u{0301}"), along with the
ordering of consecutive combining characters.
> > RFC 4690 is a good read on the topic of IDNs.
>
> No, it is a one-sided anti-internationalization rant.
Aside from the "internationalization is hard", what's so bad about the
document? Remember, they *are* (or *were*) trying to retrofit
internationalization into protocols that were never designed for it.
-spc
[1] http://www.dinaburg.org/bitsquatting.html
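
The normalization point discussed in the message above, as an added example that is not part of the original post: percent-encoded segments that spell the same characters with different bytes (precomposed vs. combining, reordered combining marks, lowercase hex) only compare equal after decoding and Unicode normalization. The function names and sample strings are constructed here, and the choice of NFC as the canonical form is an assumption of the example.

```python
import unicodedata
from urllib.parse import quote, unquote


def canonical_segment(segment: str) -> str:
    """Canonical form of one percent-encoded path segment (hypothetical helper).

    Decodes the escapes as strict UTF-8, applies NFC (an assumption of this
    example), and re-encodes every non-unreserved byte with uppercase hex.
    Raises ValueError if the escapes are not valid UTF-8.
    """
    text = unquote(segment, encoding="utf-8", errors="strict")
    # safe="" keeps an encoded "/" (%2F) encoded, so segment boundaries
    # are not changed by the round trip.
    return quote(unicodedata.normalize("NFC", text), safe="")


def same_resource(a: str, b: str) -> bool:
    """True when two encoded segments name the same normalized string."""
    return canonical_segment(a) == canonical_segment(b)


# Constructed samples.
PRECOMPOSED = "caf%C3%A9"      # U+00E9
COMBINING = "cafe%CC%81"       # "e" followed by U+0301
LOWER_HEX = "caf%c3%a9"        # same bytes as PRECOMPOSED, lowercase hex
ORDER_A = "a%CC%A3%CC%81"      # a + U+0323 (dot below) + U+0301 (acute)
ORDER_B = "a%CC%81%CC%A3"      # same marks in the other order
LATIN1 = "caf%E9"              # Latin-1 byte, not valid UTF-8

if __name__ == "__main__":
    pairs = [
        (PRECOMPOSED, COMBINING),
        (PRECOMPOSED, LOWER_HEX),
        (ORDER_A, ORDER_B),
    ]
    for a, b in pairs:
        print(f"{a!r} vs {b!r}: raw equal={a == b}, "
              f"normalized equal={same_resource(a, b)}")
    try:
        canonical_segment(LATIN1)
    except ValueError as exc:
        print(f"{LATIN1!r} rejected: {exc}")
```
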