Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Describe mitigations for homoglyph/typo-squatting attacks and name duplication #128

Merged
merged 10 commits into from
Jul 15, 2024
Merged

Describe mitigations for homoglyph/typo-squatting attacks and name duplication #128

merged 10 commits into from
Jul 15, 2024

Conversation

scouten-adobe
Copy link
Contributor

Closes #117.

@scouten-adobe scouten-adobe added this to the 1.0 milestone Jun 17, 2024
@scouten-adobe scouten-adobe self-assigned this Jun 17, 2024
@scouten-adobe scouten-adobe changed the title Homoglyph attacks may not be directly solvable Describe mitigations for homoglyph/typo-squatting attacks and name duplication Jul 8, 2024
@scouten-adobe scouten-adobe mentioned this pull request Jul 8, 2024
Closed
puhley
puhley reviewed Jul 8, 2024
View reviewed changes
docs/modules/ROOT/pages/index.adoc Outdated
@@ -904,11 +904,22 @@ Any content including, but not limited to the _<<_named_actor,named actor’s>>_

The effectiveness of such attacks will necessarily be dependent on the language and other related development tooling in use for any given implementation. Beyond reminding implementors that parsing and validation errors are a likely attack surface, it is outside the scope of this specification to provide language-specific guidance.

==== Homoglyph and typo-squatting attacks
==== Homoglyph and typo-squatting attacks and name duplication
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Name collisions"? - Duplication suggests putting it twice?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Speaking of putting things twice, I just realized we have an existing "Name collisions" section. I've cross-referenced the two sections and removed this part of this header.

@scouten-adobe scouten-adobe requested a review from puhley July 9, 2024 20:16
scouten-adobe
scouten-adobe commented Jul 9, 2024
View reviewed changes
docs/modules/ROOT/pages/index.adoc
@@ -892,7 +892,7 @@ NOTE: The above questions target name collisions for individuals, but the same q

Whether a name collision is intentional or coincidental, careful attention should be paid as to how to gather the appropriate technical details to allow differentiate distinct _<<_named_actor,named actors>>_ and to meaningfully expose that differentiation in user experience.

NOTE: TO DO (link:https://github.com/creator-assertions/identity-assertion/issues/115[issue #115]): Think through identity presentation so as to provide meaningful differentiation between similarly-named _<<_actor,actors>>._
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed this TO DO link since we moved #115 to post-1.0 milestone.

@scouten-adobe scouten-adobe merged commit 27855c6 into main Jul 15, 2024
1 check passed
@scouten-adobe scouten-adobe deleted the homoglyph-attacks branch July 15, 2024 21:09
@github-actions github-actions bot locked and limited conversation to collaborators Jul 15, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@puhley puhley Awaiting requested review from puhley

Assignees

@scouten-adobe scouten-adobe

Labels
None yet
Projects
None yet
Milestone
1.0
Development

Successfully merging this pull request may close these issues.

Add guidance for homoglyph and typo-squatting attacks
2 participants
@scouten-adobe @puhley