Re: [ga] On Its Way: One of the Biggest Changes to the Internet

[Andy Gardner <andy@xxxxxxxxxxxxxxx>]

Please explain how a long idn domain beginning with xn-- is somehow  
more dangerous to the DNS than any other ascii domain name of the  
same limited character length?
Is xn-- some magical character sequence that terrorists came up with?

Sheesh. This will be on Fox "News" next.



On Oct 12, 2007, at 12:27 AM, jwkckid1@xxxxxxxxxxxxx wrote:

> Chris and all,
>
>   The answer is yes very easily.  The vulnerability will be
> higest durring the early testing phase and some brief
> time after full implimentation given that full implimentation
> occurs.  I am relitively sure some undisclosed Chinese
> IT hackers, perhaps working for the Chinese Govt. are
> already prepaired to proceed accordingly.
>
>   Frankly I believe a seperate zone should have been built for
> the testing phase, and for security reasons down the road
> I would have insisted that a seperate zone for segmenting
> off IDN's be maintained indefinately.  Seems the IANA/ICANN
> is not that concerned for user's security, nor privacy
> and potential damage which will insue accordingly.
>
> -----Original Message-----
> > From: "Prophet Partners Inc." <Domains@xxxxxxxxxxxxxxxxxxx>
> > Sent: Oct 12, 2007 12:38 AM
> > To: ga@xxxxxxxxxxxxxx
> > Subject: Re: [ga] On Its Way: One of the Biggest Changes to the  
> > Internet
> >
> > Hi Karl,
> >
> > With the potential problems from long IDN names, could poorly  
> > configured DNS
> > applications possibly create situations of DNS instability? Could  
> > criminal
> > or terrorist organizations launch DoS attacks in this manner?
> >
> > Sincerely,
> > Ted
> > Prophet Partners Inc.
> > http://www.ProphetPartners.com
> > http://www.Premium-Domain-Names.com
> >
> >
> > ----- Original Message -----
> > From: "Karl Auerbach" <karl@xxxxxxxxxxxx>
> > To: "Ram Mohan" <rmohan@xxxxxxxxxxxx>
> > Cc: <ga@xxxxxxxxxxxxxx>
> > Sent: Thursday, October 11, 2007 9:40 PM
> > Subject: Re: [ga] On Its Way: One of the Biggest Changes to the  
> > Internet
> >
> > > Ram Mohan wrote:
> > >
> > > > Numerous other usability issues exist, including some  
> > > > interesting ones
> > > > such as searchability of IDN names and IDN TLDs.
> > > It's been a while since I last scanned SIP VoIP implementations  
> > > for DNS
> > > vulnerabilities.
> > >
> > > But when I last did it, I found that a lot of VoIP phones had  
> > > weak DNS
> > > resolving engines that could be easily confused/killed by long  
> > > names (and
> > > IDN names can get long) and long or strange CNAMEs.
> > >
> > > (It is amazing the devices than can be sent into the weeds by  
> > > giving 'em a
> > > SIP or HTTP URI/URL that contains a domain name that gets mapped  
> > > via a
> > > CNAME into something that is either very long or contains the  
> > > full variety
> > > of 8-bit characters without honoring the "hostname" character set
> > > constraint.)
> > >
> > > Again, as you say, at the DNS layer, it's all just ASCII labels.   
> > > And the
> > > problems I saw weren't IDN problems, just weak DNS implementations.
> > >
> > > --karl--
> =======
>
> 'Regards,
> Jeffrey A. Williams
> Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!)
> "Obedience of the law is the greatest freedom" -
>    Abraham Lincoln
>
> "Credit should go with the performance of duty and not with what is  
> very
> often the accident of glory" - Theodore Roosevelt
>
> "If the probability be called P; the injury, L; and the burden, B;  
> liability
> depends upon whether B is less than L multiplied by
> P: i.e., whether B is less than PL."
> United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
> ===============================================================
> Updated 1/26/04
> CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.  
> div. of
> Information Network Eng.  INEG. INC.
> ABA member in good standing member ID 01257402 E-Mail  
> jwkckid1@xxxxxxxxxxxxx