mirror of
https://git.anonymousland.org/anonymousland/synapse-product.git
synced 2024-10-01 08:25:44 -04:00
Tyops
This commit is contained in:
parent
d5704cf2a3
commit
56a358481e
@ -7,16 +7,16 @@ such, Matrix requires that all strings MUST be encoded as UTF-8. However,
|
|||||||
using Unicode as the character set for human-readable IDs is troublesome. There
|
using Unicode as the character set for human-readable IDs is troublesome. There
|
||||||
are many different characters which appear identical to each other, but would
|
are many different characters which appear identical to each other, but would
|
||||||
identify different users. In addition, there are non-printable characters which
|
identify different users. In addition, there are non-printable characters which
|
||||||
cannot be rendered the the end-user. This opens up a security vulnerability with
|
cannot be rendered by the end-user. This opens up a security vulnerability with
|
||||||
phishing/spoofing of IDs, commonly known as a homograph attack.
|
phishing/spoofing of IDs, commonly known as a homograph attack.
|
||||||
|
|
||||||
Web browers encountered this problem when International Domain Names were
|
Web browers encountered this problem when International Domain Names were
|
||||||
introduced. A variety of checks were put in place in order to protect users. If
|
introduced. A variety of checks were put in place in order to protect users. If
|
||||||
an address failed the check, the raw punycode would be displayed to disambiguate
|
an address failed the check, the raw punycode would be displayed to disambiguate
|
||||||
the address. Similar checks are performed by home servers in Matrix, which will
|
the address. Similar checks are performed by home servers in Matrix. However,
|
||||||
then warn the client about the potentially misleading ID. However, Matrix does
|
Matrix does not use punycode representations, and so does not show raw punycode
|
||||||
not use punycode, and so does not show raw punycode on a failed check. Instead,
|
on a failed check. Instead, home servers must outright reject these misleading
|
||||||
home servers must outright reject these misleading IDs.
|
IDs.
|
||||||
|
|
||||||
Types of human-readable IDs
|
Types of human-readable IDs
|
||||||
---------------------------
|
---------------------------
|
||||||
|
Loading…
Reference in New Issue
Block a user