[Standards-JIG] proto-JEP: Best Practices to Prevent Phishing Attacks on the Jabber/XMPP Network

Ian Paterson ian.paterson at clientside.co.uk
Wed Nov 16 08:30:51 UTC 2005


> > I wondered if the title could be Preventing JID and
> > Name Spoofing?
> 
> Yes, I've gone back and forth on the title. My research 
> indicates that the term "spoofing" covers both address
> forging (which is very hard in Jabber systems) and 
> mimicking (which is relatively easy), so I'd prefer 
> something like "Best Practices to Prevent Mimicked JIDs"
> or somesuch.

+1

> > The example in the introduction is not visible on most 
> > systems since Cherokee fonts are usually not installed
> > outside North America. ;-)
> 
> Maybe I should make an image out of it?

Yes (Cherokee is interesting), although an image would make distribution
of the JEP more complicated.

Perhaps you could (also) provide a more realistic example, e.g. the
substitution of one letter with a number. FYI, the domain name auction
sites used to be full of this type of abuse.

- Ian



