Recently, the Shmoo Group discovered that Firefox is vulnerable to precisely the exploit that i predicted in my 2002 paper—Ping

It seems feasible to me to choose (or design) a font that would make all of the 7-bit printable ASCII characters clearly distinguishable. For domain recognition we don’t even need all the characters—just the letters, digits, hyphen, and period.

This does not seem feasible to me for a character set as large as Unicode, and flatly impossible for Unicode in particular because Unicode includes characters that are *defined* to be invisible or to combine with other characters to yield perfect homographs.—Ping

Render non 7-bit printable ASCII characters in a different color. Or with a different color background. —Mike

How do you render a zero-width non-breaking space in a different colour? :)

Actually, i think your suggestion is a pretty good idea. Some invisible characters would still need to be outlawed, but for the remaining ones, the use of colour could help.—Ping

They are not legal in punycode, so the point is moot. —Ben

Problem if relying on differently colored characters, not if using background color covering some minimum width for each non-P7ASCII character.—Mike

What happens if the character set includes the full set of non 7-bit printable ASCII characters to mimics all needed letters?

E.g., we see a totally purple "paypal" ? As nobody to date has complained about the yellow background colour of Firefox 1.0 URL bar, my guess is that this will pass by too.—Ian

Only "paypal" would have a purple background, not the entire URL bar. That would look considerably more odd than the entire URL bar background switching to light yellow for https. Why would anyone complain about Firefox’s yellow https URL bar, and why are you certain that you would have heard about it if they had?

My suggestion doesn’t help people who want to visit non-P7ASCII domains.—Mike

Ah... so only the colorblind have trouble. Doesn’t seem very ADA friendly to me... :)—John