[cabfpub] Implementation of UTR-36 confusable text security considerations.

Hill, Brad bhill at paypal-inc.com
Thu Aug 23 18:30:18 UTC 2012


In response to questions on today's call about implementations about the confusable Unicode restrictions suggested for inclusion in BR 1.1, I can suggest the International Components for Unicode library:

http://site.icu-project.org/

And, specifically, the SpoofChecker class:

http://icu-project.org/apiref/icu4j/com/ibm/icu/text/SpoofChecker.html

And uspoof.h

http://icu-project.org/apiref/icu4c/uspoof_8h.html

This doesn't forbid the Left To Right Override character that I can tell from simple examination, but that's an easy check to add with a regex or character search.

Brad Hill
Ecosystem Security
PayPal Information Risk Management
cell: 206.245.7844
skype/twitter: hillbrad
email: bhill at paypal-inc.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120823/fbc69e2a/attachment-0003.html>


More information about the Public mailing list