Jean-Marc Desperrier wrote: > Yee, what you see as a list is primarily a newsgroup > 'netscape.public.mozilla.security' on which it's easy to get all the old > messages, and it would be very useful that you read all those related to > this problem.
Thank you. Yes, i understand that the mozilla-security@mozilla.org mailing list is a gateway to netscape.public.mozilla.security. I have been using gmane.org to read the past messages on this group, and i have read the "fake URLs" thread that appeared right after the IDN problem was announced, as well as Gervase's "Plan for Scams" blog entry. Lots of people raised good points in those discussions (and i have some comments to add, which i plan to post soon). When i asked "what happened", i meant that i'd like to know the story of how IDN support got added to Firefox in the first place. (Sorry i wasn't so clear.) Were security folks aware that it was being added? Did they have an argument with the IDN developers and lose? I'm wondering why the whole "fake URLs" discussion happened *after* the spoof was publicized, rather than *before* IDN was added. I tried searching Google Groups, but could not find any mention of IDN on netscape.public.mozilla.security or netscape.public.mozilla.crypto prior to February 7, 2005, though the appearance of IDN patches on netscape.public.mozilla.reviewers goes back to March 2003. -- ?!ng _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
