>On Sat, Feb 21, 2009 at 1:19 PM, Paul Hoffman <phoff...@proper.com> wrote: >>>I don't see how the attack could have been done without wildcards. CA >>>guidelines say that certificates should not be issued with homographic >>>characters that might cause confusion >> >> They do? Where? > >I believe that Unicode Technical Report #36 addresses this.
UTR #36 is not a CA guideline, it is a guideline that some CAs might read and implement. I know of none that have. Does anyone here know which CAs, if any, do any filtering based on IDNA labels in requested certs? --Paul Hoffman -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
