[cabfpub] ICU library patch for Unicode spoof checks

Hill, Brad bhill at paypal-inc.com
Thu Mar 7 17:09:15 UTC 2013


Should be available in v51.1, http://bugs.icu-project.org/trac/milestone/51.1%20(release)

http://bugs.icu-project.org/trac/ticket/7645

They accepted a "competing" patch submitted by Google as theirs also included C++ code, but theirs didn't include the bidirectional text requirement.

That is extremely simple to implement by simply forbidding the following code points (punycode encoded or native) in hostnames:

LRE: U+202A
RLE: U+202B
PDF: U+202C
LRO: U+202D
RLO: U+202E

Brad Hill
Ecosystem Security
PayPal Information Risk Management
cell: 206.245.7844
skype/twitter: hillbrad
email: bhill at paypal-inc.com
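
An added example, not part of the original message or of the ICU patch: one way to apply the check described above, rejecting a hostname when any of the five listed code points appears natively or inside a Punycode label. The function names, the "UNDECODABLE" marker and the sample hostnames are assumptions constructed for illustration.

```python
# Added example: flag the five explicit bidi formatting characters in a
# hostname, whether they appear natively or inside a Punycode ("xn--") label.
BIDI_CONTROLS = {
    "\u202a": "LRE",
    "\u202b": "RLE",
    "\u202c": "PDF",
    "\u202d": "LRO",
    "\u202e": "RLO",
}


def to_alabel(text):
    """Build constructed sample input: raw Punycode, no IDNA validation."""
    return "xn--" + text.encode("punycode").decode("ascii")


def find_bidi_controls(hostname):
    """Return [(label_index, name), ...] for every forbidden code point found.

    A label that claims to be Punycode but cannot be decoded is reported as
    "UNDECODABLE" so the caller rejects it instead of letting it through.
    """
    hits = []
    # Assumption: labels are separated by ASCII "." only.
    for index, label in enumerate(hostname.split(".")):
        forms = [label]  # always inspect the label exactly as received
        if label[:4].lower() == "xn--":
            try:
                forms.append(label[4:].encode("ascii").decode("punycode"))
            except ValueError:  # UnicodeError is a subclass of ValueError
                hits.append((index, "UNDECODABLE"))
        for form in forms:
            hits.extend(
                (index, BIDI_CONTROLS[ch]) for ch in form if ch in BIDI_CONTROLS
            )
    return hits


def hostname_allowed(hostname):
    """True only when no label carries a forbidden bidi control."""
    return not find_bidi_controls(hostname)


if __name__ == "__main__":
    # Constructed sample hostnames.
    for host in ("www.example.com", "www." + to_alabel("exa\u202emple") + ".com"):
        print(ascii(host), hostname_allowed(host), find_bidi_controls(host))
```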
