Erik van der Poel <[EMAIL PROTECTED]> wrote: > But then, in the current climate, where phishing is becoming a larger > problem and identity theft is growing fast, would you say that it is > safe to use Unicode in *DNS*, one of the most important underpinnings, > security-wise, of the Internet?
Doug Ewell <[EMAIL PROTECTED]> wrote: > If you need a wider repertoire, you can use Unicode and you can > *still* implement a subset. The problem, as always, is in determining > what the subset should be. I'm with you both. I wanted the IDN working group to define a subset, but ultimately I was persuaded that it was not feasible for the IETF to reach consensus on such a subset, and that subsetting could and should be done on a per-registry basis, inside the registry rather than the applications. But the slash-homograph attack now makes that approach (in its pure form) appear hopeless. AMC
