[Pkg-kde-bugs-fwd] [Bug 98788] Possible solution to IDN domain spoofing/phishing

Thiago Macieira 98788@bugs.kde.org
19 Feb 2005 15:02:29 -0000


http://bugs.kde.org/show_bug.cgi?id=98788         




------- Additional Comments From thiago kde org  2005-02-19 16:02 -------
I thought of an env var because we're dealing with very low-level stuff here. And because it was easier.

In any event, I've thought of a possibility to have half-IDN support: just disable the ToUnicode conversion. That way, the www.pаypal.com URL would show up as www.xn--pypal-4ve.com but would *still* work.

I am sure no one mistakes "paypal" for "xn--pypal-4ve". But supposing one *wanted* to get to that site, he'd still be able to. This doesn't stop people from writing such URLs -- or having them shown in KMail, Kopete, etc. -- but once you browse to the site, you will notice it's not the right one.

Now, this would be a violation of RFC 3490. It explicitly says not to show the ACE form, except for debugging.
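
The "half-IDN" behaviour described in the comment above, as an added example that is not part of the original message and is not KDE code: ToASCII is still applied so the name resolves, but ToUnicode is skipped for display. It uses Python's built-in `idna` codec (IDNA 2003, RFC 3490); the function names and the `half_idn` switch are hypothetical.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample: the spoofed name from the comment, with the second
# letter written as U+0430 (Cyrillic) instead of ASCII "a".
SPOOF_URL = "http://www.p\u0430ypal.com/login"


def to_ascii(host: str) -> str:
    """RFC 3490 ToASCII on every label: the form that is sent to DNS."""
    return host.encode("idna").decode("ascii").lower()


def to_unicode(ace_host: str) -> str:
    """RFC 3490 ToUnicode: the step the comment proposes to disable."""
    return ace_host.encode("ascii").decode("idna")


def display_host(host: str, half_idn: bool = True) -> str:
    """Hostname as shown to the user.

    half_idn=True  -> ACE form is shown (xn--...), lookalikes become obvious.
    half_idn=False -> full IDN display, as RFC 3490 asks for.
    """
    ace = to_ascii(host)
    return ace if half_idn else to_unicode(ace)


def non_ascii_chars(host: str) -> list:
    """Debug helper: name every non-ASCII code point in a hostname."""
    return [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in host if ord(ch) > 127]


def location_bar(url: str, half_idn: bool = True) -> dict:
    """What gets resolved versus what gets displayed for a URL."""
    host = urlsplit(url).hostname or ""
    return {
        "resolve": to_ascii(host),              # unchanged by the display policy
        "display": display_host(host, half_idn),
        "suspicious": non_ascii_chars(host),
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("half_idn =", mode, "->", location_bar(SPOOF_URL, half_idn=mode))
```

The `resolve` value is identical in both modes, which is the point of the proposal: the site stays reachable and only the rendering changes.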