Gervase Markham wrote: > After today's staff and drivers meetings, mozilla.org has decided on a > short-term course of action for dealing with the IDN/punycode problem. > > http://weblogs.mozillazine.org/gerv/archives/007556.html
I think a better (temporary) solution than just dropping IDN support would be to always display the punycode encoded domain name instead of the unicode version (Urlbar/Statusbar always shows www.xn--mozlla-5va.org instead of www.moz�lla.org). This way there is no security problem because the displayed punicode names don't look simular to "regular" domains anymore, but they would still work and are reachable even through Unicode links. IDN domain names would look ugly, but at least they would still work. /Stephan _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
