IDNA and security - ReadList.com

5 msg	ziyi_2005 key's main signatures not in debian-k...
1 msg	[ph.unimelb.edu.au #1019] AutoReply: [SECURITY]...
1 msg	[ph.unimelb.edu.au #1018] AutoReply: [SECURITY]...
1 msg	[ph.unimelb.edu.au #1017] AutoReply: [SECURITY]...
1 msg	[ph.unimelb.edu.au #1013] [SECURITY] [DSA 675-1...
1 msg	[ph.unimelb.edu.au #1012] [SECURITY] [DSA 674-1...
1 msg	[ph.unimelb.edu.au #1011] [SECURITY] [DSA 673-1...
1 msg	[support: [ph.unimelb.edu.au #1013] AutoReply: ...
4 msg	[ph.unimelb.edu.au #1013] AutoReply: [SECURITY]...
2 msg	[ph.unimelb.edu.au #1012] AutoReply: [SECURITY]...
1 msg	[ph.unimelb.edu.au #1011] AutoReply: [SECURITY]...
4 msg	Please help test Snort 2.3.0 (experimental) pac...
2 msg	bind vulnerabilities
2 msg	Ghostscript Multiple Local Insecure Temporary F...
1 msg	debian and CAN-2004-1237 vulnerability?
2 msg	apache utilities insecure temp file creation vu...

IDNA and security
\ Florian Weimer (8 Feb 2005)
. \ Michael Stone (8 Feb 2005)
. . \ Florian Weimer (8 Feb 2005)
. . . \ Michael Stone (8 Feb 2005)
. . . . \ Florian Weimer (8 Feb 2005)
. . . . \ Bernd Eckenfels (8 Feb 2005)
. . \ Joey Hess (8 Feb 2005)
. . . \ Florian Weimer (8 Feb 2005)
. . . \ Michael Stone (8 Feb 2005)
. . \ Henrique de Moraes Holschuh (9 Feb 2005)
. . . \ Michael Stone (9 Feb 2005)

2 msg	Re: [SECURITY] [DSA 671-1] New xemacs21 package...
1 msg	Paulo Eduardo Pasquini Marcondes/RJ/Petrobras e...
7 msg	Grsecurity patches on Debian

Subject:	IDNA and security
Group:	Debian-security
From:	Florian Weimer
Date:	8 Feb 2005

People are filing security bugs because of the homograph issue. But
is this a real security problem? Do you think we should change our
fonts so that 1, l and I (and O and 0, of course) are more different
visually?

IMHO, the whole underlying idea that you can use a name to tell if a
site is trustworthy is flawed. The net just doesn't work this way.

--
To UNSUBSCRIBE, email to debian-security-REQUEST
with a subject of "unsubscribe". Trouble? Contact listmaster