[cabfpub] ICU library patch for Unicode spoof checks
Rick Andrews
Rick_Andrews at symantec.com
Thu Mar 28 01:01:10 UTC 2013
Brad,
I believe the competing patch is this one: http://bugs.icu-project.org/trac/ticket/9440
Can you point me toward info on how to checkout and build the library, and where SpoofChecker is documented?
-Rick
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Hill, Brad
Sent: Thursday, March 07, 2013 9:09 AM
To: public at cabforum.org
Subject: [cabfpub] ICU library patch for Unicode spoof checks
Should be available in v51.1, http://bugs.icu-project.org/trac/milestone/51.1%20(release)
http://bugs.icu-project.org/trac/ticket/7645
They accepted a "competing" patch submitted by Google as theirs also included C++ code, but theirs didn't include the bidirectional text requirement.
That is extremely simple to implement by simply forbidding the following code points (punycode encoded or native) in hostnames:
LRE: U+202A
RLE: U+202B
PDF: U+202C
LRO: U+202D
RLO: U+202E
Brad Hill
Ecosystem Security
PayPal Information Risk Management
cell: 206.245.7844
skype/twitter: hillbrad
email: bhill at paypal-inc.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130327/59ffee03/attachment-0003.html>
More information about the Public
mailing list