[cabfpub] ICU library patch for Unicode spoof checks

Rick Andrews Rick_Andrews at symantec.com
Thu Mar 28 01:01:10 UTC 2013


I believe the competing patch is this one: http://bugs.icu-project.org/trac/ticket/9440

Can you point me toward info on how to checkout and build the library, and where SpoofChecker is documented?


From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Hill, Brad
Sent: Thursday, March 07, 2013 9:09 AM
To: public at cabforum.org
Subject: [cabfpub] ICU library patch for Unicode spoof checks

Should be available in v51.1, http://bugs.icu-project.org/trac/milestone/51.1%20(release)


They accepted a "competing" patch submitted by Google as theirs also included C++ code, but theirs didn't include the bidirectional text requirement.

That is extremely simple to implement by simply forbidding the following code points (punycode encoded or native) in hostnames:

LRE:  U+202A
RLE:  U+202B
PDF: U+202C
LRO: U+202D
RLO: U+202E

Brad Hill
Ecosystem Security
PayPal Information Risk Management
cell: 206.245.7844
skype/twitter: hillbrad
email: bhill at paypal-inc.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130327/59ffee03/attachment-0003.html>

More information about the Public mailing list