IDN Security Issues and Mozilla

Gervase Markham

The Mozilla Foundation

Overview

The Problem: Phishing

The Solution

Aim: no two confusable domains registered to different
entities

Interim Mozilla Policy

26 TLDs (including 3 gTLDs) signed up

ICANN Guidelines are a pretty good match

ICANN Guidelines

The risks:

  1. Mixed-script spoofing (e.g. paypal.com with Cyrillic a)
  2. Single-script spoofing (e.g. scope.ru)
  3. Protocol character spoofing (e.g. FRACTION SLASH)

ICANN Guidelines

Applause for:

The End