WhiteList/BlackList TLD Services Overview

This document introduces the Whitelist/Blacklist Top-Level Domain services of the InetURIList framework.

International domain names support increases the vulnerability of the device to homograph attacks (also called phishing), by allowing addresses (URIs) to contain UTF-8 characters. By using non-ASCII characters that are visually similar to familiar letters, attacks can lead the Internet user to harmful sites.

To address this issue, the InetURIList framework provides a list of suspect characters (a BlackList) for each top-level domain (TLD). The framework also lists trusted characters in TLD-specific WhiteLists. This enables applications to detect safe and unsafe URIs depending on their top-level domain and the characters they contain.

The Blacklists and Whitelists are stored in an XML file installed on the device. You can replace the default TLD policy file by installing an SIS package containing the updated lists.

Applications can query the TLD list but cannot dynamically change its contents.