Let’s say that I go to google.com. The UI shows
https://google.com/ . No punycode because it is plain ascii. Everything is as expected.
Now let’s say I click on a link for googӏe.com. The ui shows https://xn--googe-hof.com/ (googӏe.com) I’d be like, holy shit that is a shady URL!
That’s how I imagine it helping, although I am not a UI expert. There could be a better way. But that googӏe.com scares me – I can’t visually tell that it is not a normal lowercase “l”.
P.S. for the URL in question, https://xn--gckvb8fzb.com/ (マリウス.com) I imagine that if I went to it frequently, I might begin to recognize the punycode, sorta like how people recognize rickroll URLs.
For most security - centric websites, the right name is ASCII only.
For any that aren’t, people would have the opportunity to become familiar with the correct fingerprint over time and have a chance to notice a difference.
I’m curious to hear if you think there is a better way. What I’m saying is unlikely to ever be implemented in a browser and I’m not trying to convince you or anything, just say why I personally would appreciate it.
deleted by creator
Let’s say that I go to google.com. The UI shows
https://google.com/. No punycode because it is plain ascii. Everything is as expected.Now let’s say I click on a link for googӏe.com. The ui shows
https://xn--googe-hof.com/ (googӏe.com)I’d be like, holy shit that is a shady URL!That’s how I imagine it helping, although I am not a UI expert. There could be a better way. But that googӏe.com scares me – I can’t visually tell that it is not a normal lowercase “l”.
P.S. for the URL in question,
https://xn--gckvb8fzb.com/ (マリウス.com)I imagine that if I went to it frequently, I might begin to recognize the punycode, sorta like how people recognize rickroll URLs.deleted by creator
Because it does not match google.com
deleted by creator
For most security - centric websites, the right name is ASCII only.
For any that aren’t, people would have the opportunity to become familiar with the correct fingerprint over time and have a chance to notice a difference.
I’m curious to hear if you think there is a better way. What I’m saying is unlikely to ever be implemented in a browser and I’m not trying to convince you or anything, just say why I personally would appreciate it.
deleted by creator
Yep. Do you all have important URLs with Unicode characters?
I think it would be great if registries screened registrations for confusable names. Even if they did though, I wouldn’t expect them to succeed 100%
deleted by creator