Closed Bug 770877 Opened 12 years ago Closed 12 years ago

Add .com, .net, .name to IDN TLD whitelist

Categories

(Core Graveyard :: Networking: Domain Lists, defect)

Product:
Core Graveyard
Component:
Networking: Domain Lists
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla19

People

(Reporter: gerv, Assigned: gerv)

References

Details

Attachments

(1 file)

Patch v.1
1.14 KB, patch
Details | Diff | Splinter Review
Verisign have emailed me to ask that .com, .net and .name be added to the whitelist. Link to the Registry Home page: http://verisigninc.com/en_US/products-and-services/domain-name-services/registry-services/index.xhtml Link to the Policy Page: http://verisigninc.com/en_US/products-and-services/domain-name-services/domain-information-center/idn-code-points/index.xhtml Allowed Code Points as posted on IANA's IDN Repository: http://www.iana.org/domains/idn-tables/ Homograph Policy: http://verisigninc.com/en_US/products-and-services/domain-name-services/domain-information-center/idn-code-points/registration-rules/index.xhtml The new criteria for addition is that their policy be at least as strict as that outlined here: https://wiki.mozilla.org/IDN_Display_Algorithm Verisign's policy corresponds to the first 4 things we permit: 1. Common + Inherited + any other single script; (or) 2. Common + Inherited + Latin + Han + Hiragana + Katakana; (or) 3. Common + Inherited + Latin + Han + Bopomofo; (or) 4. Common + Inherited + Latin + Han + Hangul; They do not permit: 5. Common + Inherited + Latin + any single other script except Cyrillic, Greek, or Cherokee Therefore, their policy is more strict than ours and they can be included in the TLD whitelist under the transitional arrangements. Gerv
Blocks: 783401
I'd argue against this for ".com" and ".net" as a security issue. If someone is trying a homograph attack, it will probably be against a name in ".com". If there are any existing incorrect names in the ".com" TLD, making them inaccessible, or at least bringing up an alert box, would be appropriate. This would encourage the registries to clean up their act. If Network Solutions wants this, let them provide a list of "grandfathered" bad domain names in .com and .net for public examination.
Attached patch Patch v.1Splinter Review
Assignee: nobody → gerv
Status: NEW → ASSIGNED
Having evaluated the situation and the public discussion, I've decided to proceed with this change. https://hg.mozilla.org/integration/mozilla-inbound/rev/c95b9413e66e Gerv
https://hg.mozilla.org/mozilla-central/rev/c95b9413e66e
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla19
This change has been landed to Firefox 17 (both release and ESR channel) by Bug 802568, so now this document have to be updated: http://www.mozilla.org/projects/security/tld-idn-policy-list.html
Done. Gerv
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: