Timestamp:
Mar 28, 2011, 8:57:09 PM (9 years ago)
Author:
duerst@…
Message:

adapted text from http://lists.w3.org/Archives/Public/public-iri/2010Mar/0000.html, with some tweaks

File:
1 edited

  • draft-ietf-iri-3987bis/draft-ietf-iri-3987bis.xml

    r44 r45  
    22582258For example, some UTF-8 decoders do not check against overlong
    22592259byte sequences. See <xref target='UTR36'/> Section 3 for details.</t>
     2260
     2261  <t>There are serious difficulties with relying on a human to verify that a
     2262    an IRI (whether presented visually or aurally)
     2263    is the same as another IRI or is the one intended.
     2264    These problems exist with ASCII-only URIs (bl00mberg.com vs. bloomberg.com)
     2265    but are strongly exacerbated when using the much larger character repertoire of Unicode.
     2266    For details, see Section 2 of <xref target='UTR36'/>.
     2267    There seems to be little hope of relying on either administrative or technical means
     2268    to reduce the availability of such exploits, to the extent that user agents SHOULD NOT
     2269    relying on visual or perceptual comparison or verification of IRIs
     2270    as any means of validating or assuring safety, correctness or appropriateness of an IRI.</t>
    22602271
    22612272<t>There are various ways in which "spoofing" can occur with IRIs.
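Review bot: The requirement sentence at new lines 2268-2269 is ungrammatical: "user agents SHOULD NOT relying on visual or perceptual comparison" should read "SHOULD NOT rely on", since as written the one normative statement in the paragraph does not parse. The opening sentence also carries a doubled article across new lines 2261-2262 ("verify that a" followed by "an IRI"); drop the trailing "a" on line 2261. The phrase "to the extent that" on line 2268 makes the SHOULD NOT read as a matter of degree rather than a consequence of the preceding clause; consider ending the sentence after "such exploits" and starting a new one with "User agents SHOULD NOT rely on ...". Finally, the paragraph cites both Section 3 (unchanged line 2259) and Section 2 (new line 2266) of UTR36 with the section number on opposite sides of the xref; pick one order for consistency.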