North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Non-English Domain Names Likely Delayed

  • From: Crist Clark
  • Date: Mon Jul 18 17:44:36 2005

Isn't someone more eloquent than I going to point out that that spending
a lot of effort eliminating homographs from DNS to stop phishing is a
security measure on par with cutting cell service to underground trains
to prevent bombings? It focuses on one small vulnerability that phishers
exploit, and "fixing" this one vulnerability just may make things worse.
It wastes resources that could go to coming up with a *real* solution, and
it may provide a false sense of security. There are dozens of ways we know
of, and probably more that lie undiscovered, to exploit vulnerabilities in
DNS, browsers, and in human nature to conduct phishing.

Worrying about homographs is probably something about which we should let
the trademark lawyers get there undies in a bunch (knowing ICANN, that
may very well be what's driving this, not phishing worries) while the IT
security community concerns itself with a usable, and actually secure,
end-to-end security model for e-commerce.
--
Crist J. Clark                               [email protected]
Globalstar Communications                                (408) 933-4387