Requirements/Proposal Page for Syntax Issue #8: IRI Authority Spoofing
1. Introduction/Motivation
This issue was raised by Wil Tan in a Sept. 16 email to the list. It concerns a possible semantic attack that would use Unicode homographs (lookalike characters) for the XRI delimiter characters (such as the @ or = signs) to fool users into thinking an identifier was being resolved by a trusted XRI authority when in fact it was being resolved using a "hidden" IRI authority.
2. Status
- Version: .5
- Action: Needs full proposal.
3. Requirements
- If possible, prevent semantic attacks using Unicode homographs for XRI delimiter characters.
- Achieve this protection by excluding as few IRI-allowable iunreserved characters as possible.
- Enable compliance with this exclusion to be as simple for implementers as possible.
4. Proposal
See the first draft of the proposed excluded character set in the body of this XRI TC email from Wil Tan (see the end of the message).
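One way an implementer could check an IRI authority for delimiter lookalikes, shown as an added example that is not part of the original page and is not the excluded character set from the email. It assumes Unicode NFKC compatibility folding as the lookalike test and covers only the two delimiters this page names (@ and =); the function names and sample inputs are constructed for illustration.

```python
import unicodedata

# Assumption: only the two delimiters this page names; extend as needed.
XRI_DELIMITERS = frozenset("@=")


def find_delimiter_lookalikes(authority, delimiters=XRI_DELIMITERS):
    """Return (index, char, code point name, delimiter) for each non-ASCII
    character whose NFKC folding contains an XRI delimiter."""
    hits = []
    for index, char in enumerate(authority):
        if ord(char) < 0x80:
            continue  # real ASCII delimiters are the parser's job
        folded = unicodedata.normalize("NFKC", char)
        for delim in sorted(delimiters.intersection(folded)):
            name = unicodedata.name(char, "U+%04X" % ord(char))
            hits.append((index, char, name, delim))
    return hits


def is_safe_authority(authority, delimiters=XRI_DELIMITERS):
    """True when no character folds to an XRI delimiter."""
    return not find_delimiter_lookalikes(authority, delimiters)


# Constructed sample authorities (not taken from the page or the email).
SAMPLES = [
    "example.com",
    "\uff20example.com",    # FULLWIDTH COMMERCIAL AT
    "\ufe66example.com",    # SMALL EQUALS SIGN
    "b\u00fccher.example",  # legitimate non-ASCII letter, must pass
]

if __name__ == "__main__":
    for sample in SAMPLES:
        hits = find_delimiter_lookalikes(sample)
        if not hits:
            print("ok      %r" % sample)
        for index, _char, name, delim in hits:
            print("reject  %r: %s at index %d looks like %r"
                  % (sample, name, index, delim))
```

NFKC folding only catches compatibility variants (fullwidth, small, superscript and subscript forms); lookalikes that are visually similar but not compatibility-equivalent still need an explicit exclusion list such as the one proposed.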
5. Discussion
See the original thread started on Sept. 16 by Wil Tan.
Discussion continues in this thread.
XRI Wiki