[Latingp] From IP: Diacritics below a security risk?

Thu Aug 30 14:40:02 UTC 2018

>  I find it very unlikely that an entity would even apply for approval for a top-level label that is visually confusable of another.
In which case, why would it be a problem if we identify something as a variant?  
The downside would appear to be all on the side of failing to identify something that presents a problem, not on the side of "over-producing".  As several of us noted last week, the conservative approach is to identify MORE variants -- because it is far, far easier to go back later and remove one than it is to go back later and add one. 

>  Security risk analysis deserves a place in our work, but should first focus on real issues and not hypothetical ones.
I'm not entirely clear what you think those "real issues" are.  We are entirely in the business, in identifying variants, in looking at hypothetical cases.  (Or are there actual submissions for new TLDs using new codepoints which are on hold pending the completion of our work?  I haven't seen such examples raised here....)  

>  I appreciate that any additional work will delay our submission to IP before our workshop in early October. But I think it is better that we take the time to deliver a quality work.
I completely agree on the need to take as long as necessary to do the job right.  But we can still give the IP a draft now to show them where we think we are, here at the end of August, to help guide us going forward.  Even if we must note that some of the lists are still works in progress.

I think it would be useful, in order to get the most comprehensive feedback from the IP, to include in our forthcoming draft several varieties of what you characterize as "corner cases".  That way, the IP has the opportunity to tell us if they think we are going overboard.  They are far more likely, after all, to give us feedback like "We don't think this case is sufficiently similar to be a variant" than they are to give us feedback like "We think you should have included this case, because we think it is sufficiently similar."  So let's give them the opportunity to do that.
 Bill Jouris
Inside Products
bill.jouris at insidethestack.com
831-659-8360
925-855-9512 (direct)

      From: "Tan Tanaka, Dennis via Latingp" <latingp at icann.org>
 To: Sarmad Hussain <sarmad.hussain at icann.org>; "latingp at icann.org" <latingp at icann.org> 
 Sent: Thursday, August 30, 2018 7:17 AM
 Subject: Re: [Latingp] From IP: Diacritics below a security risk?

 <!--#yiv9447630462 _filtered #yiv9447630462 {font-family:"Cambria Math";panose-1:2 4 5 3 5 4 6 3 2 4;} _filtered #yiv9447630462 {font-family:DengXian;panose-1:2 1 6 0 3 1 1 1 1 1;} _filtered #yiv9447630462 {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;} _filtered #yiv9447630462 {panose-1:2 1 6 0 3 1 1 1 1 1;}#yiv9447630462 #yiv9447630462 p.yiv9447630462MsoNormal, #yiv9447630462 li.yiv9447630462MsoNormal, #yiv9447630462 div.yiv9447630462MsoNormal {margin:0in;margin-bottom:.0001pt;font-size:11.0pt;font-family:"Calibri", sans-serif;}#yiv9447630462 a:link, #yiv9447630462 span.yiv9447630462MsoHyperlink {color:#0563C1;text-decoration:underline;}#yiv9447630462 a:visited, #yiv9447630462 span.yiv9447630462MsoHyperlinkFollowed {color:#954F72;text-decoration:underline;}#yiv9447630462 p.yiv9447630462MsoListParagraph, #yiv9447630462 li.yiv9447630462MsoListParagraph, #yiv9447630462 div.yiv9447630462MsoListParagraph {margin-right:0in;margin-left:0in;font-size:11.0pt;font-family:"Calibri", sans-serif;}#yiv9447630462 p.yiv9447630462msonormal0, #yiv9447630462 li.yiv9447630462msonormal0, #yiv9447630462 div.yiv9447630462msonormal0 {margin-right:0in;margin-left:0in;font-size:11.0pt;font-family:"Calibri", sans-serif;}#yiv9447630462 span.yiv9447630462EmailStyle19 {font-family:"Calibri", sans-serif;color:windowtext;}#yiv9447630462 span.yiv9447630462apple-converted-space {}#yiv9447630462 .yiv9447630462MsoChpDefault {font-size:10.0pt;} _filtered #yiv9447630462 {margin:1.0in 1.0in 1.0in 1.0in;}#yiv9447630462 div.yiv9447630462WordSection1 {}#yiv9447630462 _filtered #yiv9447630462 {} _filtered #yiv9447630462 {font-family:Symbol;} _filtered #yiv9447630462 {font-family:Symbol;} _filtered #yiv9447630462 {font-family:Symbol;} _filtered #yiv9447630462 {font-family:Symbol;} _filtered #yiv9447630462 {font-family:Symbol;} _filtered #yiv9447630462 {font-family:Symbol;} _filtered #yiv9447630462 {font-family:Symbol;} _filtered #yiv9447630462 {font-family:Symbol;} _filtered #yiv9447630462 {font-family:Symbol;}#yiv9447630462 ol {margin-bottom:0in;}#yiv9447630462 ul {margin-bottom:0in;}-->Interesting input that we should not take lightly and ought to put serious thought on it. A few things to consider:    
   - Let’s be cautious to not over-produce variants due to corner cases. The example below is a second-level domain name and our work is relevant for the top-level. Unlike second-level, the top level has an extraordinarily high bar for existence (i.e. there needs to be application round in process, there are substantial application fees, technical and financial requirements to run a registry, etc.). Therefore, I find it very unlikely that an entity would even apply for approval for a top-level label that is visually confusable of another. Even in that event, ICANN has other mechanisms (e.g. String Similarity Review, DNS Stability Review) to stop similar applied-for TLDs from progressing in the application process. 
   - Security risk analysis deserves a place in our work, but should first focus on real issues and not hypothetical ones.  Do we have examples of this being observed in practice? 
   - This input deviates from past guidance, so we need to assess the ramifications to our principles of inclusion for in-script and cross-script variants. On this note, I appreciate that any additional work will delay our submission to IP before our workshop in early October. But I think it is better that we take the time to deliver a quality work.
    -Dennis    From:Latingp <latingp-bounces at icann.org> on behalf of Sarmad Hussain <sarmad.hussain at icann.org>
Date: Wednesday, August 29, 2018 at 2:58 AM
To: Latin GP <latingp at icann.org>
Subject: [EXTERNAL] [Latingp] From IP: Diacritics below a security risk?    Dear Latin GP members      Kindly find below some feedback from IP for your consideration.    Regards  Sarmad  

TO: LatinGP
FROM: IP

There are recent and widely published examples of phishing attacks using Latin IDNs in which the key features involved were diacritics below the letter. Here is an example:  Of all diacritics, diacritics below can be difficult to distinguish or be prone to clipping -- there is less space below the baseline than between the typical lowercase glyph and the top of the line. The example given above shows a further interaction with URL underlining - and not all display engines actually do as nice a job interrupting the underline as in the screen shot above. For example, here is how one system will render this (using a designated UI font - Segoe UI):  Note, this code point (U+1E33) is in the MSR as is (U+1E35 LATIN SMALL K WITH LINE BELOW).  The second example contains U+1E35 --  while the effect does not show equally at all type sizes, from 12pt and below the LINE BELOW is reliably hidden. Here are the two examples at 10pt  The issue is not limited to "K". We see "B", "D", "L" and "N" with both DOT and LINE BELOW and "M" and "H" with DOT BELOW, all on the same page in the MSR. It can be argued users have no working understanding of typography and would not reliably interpret small gaps or bulges in the underline as being related to an unfamiliar code point. This appears to make all diacritics below security-sensitive, however, the initial determination belongs to the relevant GPs. Note by the way that the Devanagari LGR treats sequences containing NUKTA (a dot below) as variants in at least some cases and recent community comments for that script are calling for more variant sequences. However, while the feature is graphically analog (dot below), each script works differently and there is no single a-priori solution. The IP would like to encourage the LatinGP (and any other GP facing cases like this) to explicitly examine this example and other cases like it, where code points can become indistinguishable in common usage scenarios for IDNs, and formally conclude whether and how to take these into account when designing their LGR. At this point, the IP would expect the GP to: * explicitly discuss this and other scenarios like it * evaluate whether they constitute a security risk to the Root Zone * come up with a reasoned decision as to whether and how to address them in the design of the Latin GP; and finally * document both the decision and its rationale. In coming to a decision, the GP may resolve: 1) to make them variants 2) to list them for attention as confusable 3) to take no action, because the GP feels that they do not represent a special security risk. As part of the review of the Latin LGR, the IP will look at the background and rationale offered by the Latin GP in coming to its conclusion; note that if the IP feels that the facts considered and rationale documented do not support the conclusion reached by the GP it may raise objections at that time. 
_______________________________________________
Latingp mailing list
Latingp at icann.org
https://mm.icann.org/mailman/listinfo/latingp

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/latingp/attachments/20180830/c2f5baaf/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 777 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/latingp/attachments/20180830/c2f5baaf/image004-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 939 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/latingp/attachments/20180830/c2f5baaf/image003-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 878 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/latingp/attachments/20180830/c2f5baaf/image002-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 131067 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/latingp/attachments/20180830/c2f5baaf/image001-0001.png>