[Latingp] From IP: Diacritics below a security risk?

Thu Aug 30 14:16:55 UTC 2018

Interesting input that we should not take lightly and ought to put serious thought on it. A few things to consider:

  *   Let’s be cautious to not over-produce variants due to corner cases. The example below is a second-level domain name and our work is relevant for the top-level. Unlike second-level, the top level has an extraordinarily high bar for existence (i.e. there needs to be application round in process, there are substantial application fees, technical and financial requirements to run a registry, etc.). Therefore, I find it very unlikely that an entity would even apply for approval for a top-level label that is visually confusable of another. Even in that event, ICANN has other mechanisms (e.g. String Similarity Review, DNS Stability Review) to stop similar applied-for TLDs from progressing in the application process.
  *   Security risk analysis deserves a place in our work, but should first focus on real issues and not hypothetical ones.  Do we have examples of this being observed in practice?
  *   This input deviates from past guidance, so we need to assess the ramifications to our principles of inclusion for in-script and cross-script variants. On this note, I appreciate that any additional work will delay our submission to IP before our workshop in early October. But I think it is better that we take the time to deliver a quality work.

-Dennis

From: Latingp <latingp-bounces at icann.org> on behalf of Sarmad Hussain <sarmad.hussain at icann.org>
Date: Wednesday, August 29, 2018 at 2:58 AM
To: Latin GP <latingp at icann.org>
Subject: [EXTERNAL] [Latingp] From IP: Diacritics below a security risk?

Dear Latin GP members

Kindly find below some feedback from IP for your consideration.

Regards
Sarmad

TO: LatinGP
FROM: IP

There are recent and widely published examples of phishing attacks using Latin IDNs in which the key features involved were diacritics below the letter. Here is an example:

[cid:part1.E6E9F88C.32B00687 at ix.netcom.com]

Of all diacritics, diacritics below can be difficult to distinguish or be prone to clipping -- there is less space below the baseline than between the typical lowercase glyph and the top of the line.

The example given above shows a further interaction with URL underlining - and not all display engines actually do as nice a job interrupting the underline as in the screen shot above. For example, here is how one system will render this (using a designated UI font - Segoe UI):

[cid:part2.59964F92.16B1BC0B at ix.netcom.com]

Note, this code point (U+1E33) is in the MSR as is (U+1E35 LATIN SMALL K WITH LINE BELOW).

[cid:part3.99B9649E.C3C335FC at ix.netcom.com]

The second example contains U+1E35 --  while the effect does not show equally at all type sizes, from 12pt and below the LINE BELOW is reliably hidden. Here are the two examples at 10pt

[cid:part4.B43CE3FD.8C84EACF at ix.netcom.com]

The issue is not limited to "K". We see "B", "D", "L" and "N" with both DOT and LINE BELOW and "M" and "H" with DOT BELOW, all on the same page in the MSR.

It can be argued users have no working understanding of typography and would not reliably interpret small gaps or bulges in the underline as being related to an unfamiliar code point. This appears to make all diacritics below security-sensitive, however, the initial determination belongs to the relevant GPs.

Note by the way that the Devanagari LGR treats sequences containing NUKTA (a dot below) as variants in at least some cases and recent community comments for that script are calling for more variant sequences. However, while the feature is graphically analog (dot below), each script works differently and there is no single a-priori solution.

The IP would like to encourage the LatinGP (and any other GP facing cases like this) to explicitly examine this example and other cases like it, where code points can become indistinguishable in common usage scenarios for IDNs, and formally conclude whether and how to take these into account when designing their LGR.

At this point, the IP would expect the GP to:

* explicitly discuss this and other scenarios like it

* evaluate whether they constitute a security risk to the Root Zone

* come up with a reasoned decision as to whether and how to address them in the design of the Latin GP; and finally

* document both the decision and its rationale.

In coming to a decision, the GP may resolve:

1) to make them variants

2) to list them for attention as confusable

3) to take no action, because the GP feels that they do not represent a special security risk.

As part of the review of the Latin LGR, the IP will look at the background and rationale offered by the Latin GP in coming to its conclusion; note that if the IP feels that the facts considered and rationale documented do not support the conclusion reached by the GP it may raise objections at that time.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/latingp/attachments/20180830/23d1e31d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 131067 bytes
Desc: image001.png
URL: <http://mm.icann.org/pipermail/latingp/attachments/20180830/23d1e31d/image001-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 878 bytes
Desc: image002.png
URL: <http://mm.icann.org/pipermail/latingp/attachments/20180830/23d1e31d/image002-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 939 bytes
Desc: image003.png
URL: <http://mm.icann.org/pipermail/latingp/attachments/20180830/23d1e31d/image003-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 777 bytes
Desc: image004.png
URL: <http://mm.icann.org/pipermail/latingp/attachments/20180830/23d1e31d/image004-0001.png>