[Idngwg] Summary of meeting and AIs from 15 Dec.

Wed Dec 21 20:35:11 UTC 2016

Dear all,

My home work was action item 1. Here is my update, based on the discussions during the two last meetings, of the text I submitted two weeks ago.

<S1>
//Revised text by MD 2016-12-21:

BACKGROUND

It is a well-known fact that within the Unicode repertoire it is possible to find two or more code points that have identical or confusingly similar glyphs, i.e. visual appearance. If two codepoints have identical glyphs they are called homoglyphs, or else they could be called confusable variants. Sometimes the number of code points are more than two, i.e. it is a group of code points with identical or confusingly similar glyphs.

IDNA2008, which is the target for this document, only accepts a subset of the Unicode repertoire, which in this case means that the number of possible confusing code points is reduced.

Confusables and homoglyphs can be found both within the same Unicode script, and between different Unicode scripts. Well-known homoglyphs of the latter type are found in Armenian, Cyrillic, Greek, and Latin scripts (but are also found between several other Unicode scripts).

RISK

If there are no restrictions on the registration of domain names only differing on homoglyphs of confusingly similar glyphs, then the risk of attacks on domain names increases. This can lead to an increase of fraud and reduced trust in the domain name system.

SOURCES

The Unicode provides two documents "intentional.txt" (3) and "confusables.txt" (4) with true homoglyphs and all confusingly similar glyphs, respectively. During the work with variants for the root zone, i.e. for existing and future IDN TLDs, work has been done to identify such pairs or group of such glyphs (6).

MITIGATION

To mitigate the risk of visually identical or confusingly similar IDN labels under the same TLD, a process of harmonization must take place, i.e. a process whereby contextual rules or variant rules make it impossible that two such labels are registered under the same TLD by two different registrars. Which code points to involve is partly a question of policy.

It is important to point out that the harmonization process must work both within and between the IDN tables for the TLD.

RECOMMENDATIONS

The registry of a TLD MUST prevent only differing on homoglyphs from "intentional.txt" (3) to be registred by different registrars.

The registry of a TLD MUST prevent only differing on homoglyphs that are considered to variants by the root zone work (6) to be registred by different registrars.

The registry of a TLD SHOULD prevent only differing on confusingly similar glyphs from "confusables.txt" (4) to be registred by different registrars.

REFERENCES

1. "Homoglyph", <https://en.wikipedia.org/wiki/Homoglyph>
2. "Unicode Security Mechanisms", Technical Standard #39, http://unicode.org/reports/tr39/
3. "intentional.txt" (see TS#39), ftp://ftp.unicode.org/Public/security/revision-02/intentional.txt
4. "confusables.txt", (see TS#39), ftp://ftp.unicode.org/Public/security/revision-02/confusables.txt
5. "Internationalized Domain Names Registration and Administration Guidelines for European Languages Using Cyrillic", appendix A, https://tools.ietf.org/html/rfc5992
6. "Proposals for Root Zone Label Generation Ruleset (LGR)", https://www.icann.org/resources/pages/lgr-proposals-2015-12-01-en
</S1>

Yours,
Mats

---
Mats Dufberg
DNS Specialist, IIS
Mobile: +46 73 065 3899
https://www.iis.se/en/

From: <idngwg-bounces at icann.org> on behalf of Sarmad Hussain <sarmad.hussain at icann.org>
Date: Sunday 18 December 2016 at 03:31
To: idngwg <idngwg at icann.org>
Subject: [Idngwg] Summary of meeting and AIs from 15 Dec.

Dear All,

Please find attached the summary of the meeting of the WG on 15 Dec.  Please let me know if there are any changes or suggestions.

The meeting has the following AIs:

S. No.

Action Items

Owner

1

Update the recommendation on harmonization for the registries adhering to data from intentional.txt and root zone LGR as a “must” and also encourage registries to look at confusables.txt (but latter not as a “must”)

MD

2

Re-write the recommendation on automatic activation based on the current input for further discussion

EC

3

Add recommendation 5 from version 3.0 of the guidelines for further discussion and inclusion in the current version

SH

The next meeting is schedule for 22 Dec. 11am UTC.

The attached notes of the meeting and the recording of the meeting are available at the IDNGWG wiki page at https://community.icann.org/display/IDN/IDN+Implementation+Guidelines.

Regards,
Sarmad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/idngwg/attachments/20161221/acaed4ec/attachment-0001.html>