Gervase Markham <[EMAIL PROTECTED]> wrote:
> > Please think twice before creating a precedent of a browser
> > completely blackholing a technically valid (albeit devious) site.
>
> If the site is devious, what possible benefit is there in allowing the
> user access to it?

The user might be investigating alleged phishers (who are targeting browsers less protective than the investigator's). Users often guess domain names. There might be cases where the common name of an organization includes non-ASCII punctuation that browsers would consider unsafe to display, but the organization might want to put a web server there that redirects users to a safe name when they type the unsafe name as a guess. Finally, I don't think we can be sure that our automated phishing detector has no false positives, so I think making sites completely inaccessible is overkill when it would be sufficient merely to foil the spoof by showing an unambiguous form of the name (like the ACE form, or a Unicode form with certain characters percent-encoded).

AMC
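
The display-instead-of-block approach described in the message above, as an added example that is not part of the original post or of any browser's code. The policy is an assumption made for illustration: labels that mix scripts are shown in ACE form, non-ASCII punctuation is percent-encoded, and nothing is ever made inaccessible. The function names and sample hostnames are constructed.

```python
import unicodedata
from urllib.parse import quote

# Constructed sample hostnames (reserved .example names).
SAMPLES = ["example.com", "m\u00fcnchen.example",
           "p\u0430ypal.example",            # U+0430 is Cyrillic 'a'
           "rock\u2019n\u2019roll.example"]  # U+2019 is a curly apostrophe

def _scripts(label):
    """Crude script guess: first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def _unsafe_punct(ch):
    # Assumed policy: any non-ASCII punctuation, symbol or separator.
    return ord(ch) > 127 and unicodedata.category(ch)[0] in "PSZ"

def display_label(label):
    """Return (text_to_show, reason); reason is None if shown unchanged."""
    if label.isascii():
        return label, None
    if any(_unsafe_punct(ch) for ch in label):
        shown = "".join(quote(ch) if _unsafe_punct(ch) else ch
                        for ch in label)
        return shown, "non-ASCII punctuation percent-encoded"
    if len(_scripts(label)) > 1:
        try:  # Python's built-in codec implements IDNA 2003 ToASCII
            return label.encode("idna").decode("ascii"), "mixed scripts, ACE form"
        except UnicodeError:
            return quote(label), "not IDNA-encodable, percent-encoded"
    return label, None

def display_host(host):
    """Rewrite each dot-separated label for display; the site stays reachable."""
    parts = [display_label(label) for label in host.split(".")]
    return ".".join(text for text, _ in parts), [r for _, r in parts if r]

if __name__ == "__main__":
    for host in SAMPLES:
        print(display_host(host))
```

A single-script internationalized name is left in its Unicode form, so a false positive costs the site only a less readable address bar rather than its reachability.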
