W3C

- DRAFT -

Anti-Homograph-Attacks

18 Sep 2019

Attendees

Present
Regrets
Chair
YoshiroYoneya
Scribe
urata

Contents

<YoshiroYoneya> Agenda and slides are here: https://github.com/yoneyajp/AHA/wiki

<YoshiroYoneya> scribe: urata

<YoshiroYoneya> Agenda and slides are here: https://github.com/yoneyajp/AHA/wiki

introduction by Yoshiro Yoneya

named the group anti homograph attack AHA

https://github.com/yoneyajp/AHA/wiki

introduction slide

https://github.com/yoneyajp/AHA/blob/master/AHA-CG-Proposal.pptx

motivation is to create a place discuss about IDN homograph attack mitigation

yoneya: scope of CG
... focus is mainly on web browser

<urata_> yoneya: prof Mori will present detail

<urata_> mori: background

<urata_> https://github.com/yoneyajp/AHA/blob/master/20190918-W3C-mori.pdf

<urata_> mori: to tackle, create sham finder framework

<urata_> mori: use alexa ranking top 100/1000 to create reference

<urata_> mori: figure shows how sham finder works

<urata_> mori: question is existend of such Database

<urata_> http://unicode.org/reports/tr39/#Data_Collection

<urata_> mori: process to create DB called SimChar

<urata_> mori: get visual image of chars using BNU unifont

<urata_> mori: need to evaluate similality of gryphs which needs threshold

<urata_> Stats of DBs

<urata_> mori: using four pixels as threshold

<urata_> xxxx: dotted i and i without dot are confusable

<urata_> examples of confusable homogryphs

<urata_> mori: detected homogryphs are really confusable?

<urata_> mori: study with human has done

<urata_> mori: some pairs in confusable.txt are not feel confusabe from human

<urata_> mori: limitaion and future work

<urata_> mori: confusability differs by the speeking language of the person

<urata_> SimChar is available in github

<urata_> xxxx: quesiton about difficulty of evaluating of distance between gryphs

<urata_> yoneya: going to discussion session

<urata_> https://github.com/yoneyajp/AHA/blob/master/AHA-CG-Proposal.pptx

<urata_> yoneya: similar char list is not so large

<urata_> yoneya: so, it may be possible to embedded in apps

<urata_> yoneya: how to indicate confusable char?

<urata_> yoneya: candidate idea: indicating by color, by spacing, read aloud, creating special font

<urata_> yoneya: input of ideas from audiences are welcomed

<urata_> xxxx: question about asian script punicode

<urata_> mori: asian chars contains homogryps

<urata_> mori: asian chars are less used in IDNs

<urata_> yoneya: for non latin char users, they are not familiar with homograph attacks, such indication method of confuable chars are nessessary

<urata_> xxxx: worring about mixed script detction

<urata_> xxxx: lowcase L and number 1 are confusable

<urata_> yoneya: if app detect confusable chars, app can indcate with distinctive way

<urata_> xxxx: issues about skelton comparison, false positive

<urata_> xxxx: using real world confusion samples to improve threshold may be worthful

<urata_> xxxx: how to standardize the confusability may be difficult since opinions might be difference between groups

<urata_> xxxx: what groups means?

<urata_> xxxx: peple from apple, goolgle, mozzila may have different opinion about difining confusable pairs

<urata_> xxxx: speer phishing for screen reader users may be possible

<urata_> yoneya: have intention to create community group. draft charter is already prepared

<urata_> yoneya: if you think about joining to CG, please notify name to us

<urata_> xxxx: relationship with unicode consortium, etc?

<urata_> xxxx: bring this to ICANN ietf is in mind

<urata_> yoneya: w3c is good place to collecting internet users opinions

<urata_> yoneya: welcome opinions from audiences

<urata_> yoneya: please contact to yoneya's id or github

<urata_> https://github.com/yoneyajp/

<urata_> yoshiro.yoneya@jprs.co.jp

<YoshiroYoneya> Summary

<YoshiroYoneya> - We had around 15 attendees.

<YoshiroYoneya> - We got positive feedback from attendees.

<YoshiroYoneya> - We will propose forming a community group and announce its formation on a broader channel.

<YoshiroYoneya> - We will bring our deliverables to other SDOs such as IETF, ICANN and Unicode Consortium.

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2019/09/18 06:16:09 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)


WARNING: No "Present: ... " found!
You can indicate people for the Present list like this:
        <dbooth> Present: dbooth jonathan mary
        <dbooth> Present+ amy
        <amy> Present+

Found Scribe: urata
Inferring ScribeNick: urata

WARNING: No "Topic:" lines found.


WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.


WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]