@bagder IDNs use IDNA not just punycode. While punycode is an algorithm that can encode any Unicode character into ASCII, IDNA adds further rules and hence not all characters can end up in a domain name. Plus registries add their rules. And ICANN for gTLDs (see SAC095 at itp.cdn.icann.org/en/files/secβ¦). So lots of attacks can't work as domains can't exist for real. Then, yes, you have the odd ones, allowing lots of things, like `.ws` TLD. I recommend this past presentation: i.blackhat.com/USA-19/Thursdayβ¦
https://framapiaf.org/@pmevzek/113652094283691849
No replies.
ββββ
ββββ