[UA-discuss] Fw: Re: IDN Implementation Guidelines [RE: Re : And now about phishing...]

nalini.elkins at insidethestack.com nalini.elkins at insidethestack.com
Sat Apr 22 16:49:20 UTC 2017


> From: Andrew Sullivan <ajs at anvilwalrusden.com>
> Subject: Re: [UA-discuss] Fw: Re: IDN Implementation Guidelines [RE: Re : And now about    phishing...]
> To: ua-discuss at icann.org
> Date: Saturday, April 22, 2017, 9:16 AM
> On Sat, Apr 22, 2017 at 01:32:08PM +0000, nalini.elkins at insidethestack.com wrote> 

>> For example, you may wish to see the following permutations which have already been obtained.  (And, it appears not by Apple)
>> 
>> www.applé.com   www.xn--appl-epa.com   www.xn--appl-epa.com     
>> www.applê.com   www.xn--appl-jpa.com    www.xn--appl-jpa.com     
>> www.applė.com   www.xn--appl-yva.com   www.xn--appl-yva.com     
>> www.applę.com   www.xn--appl-8va.com   www.xn--appl-8va.com
>
 
> Do you think that those qualify as "homographs"?  I suppose they might, as might àpple.com and so on, but these at least don't seem to
> me to be any different than app1e.com, which we decided long ago was Apple's problem and nobody else's. 

I guess so.   It is just that because of internationalization, so many more of such permutations are possible.   I think it might be useful
to have another term for this:

Here is an attempt:

Homograph: a domain name that has characters that are visually indistinguishable (I am intentionally leaving out the font issues)

Resembler: a domain name that can be easily visually confused for another well-known domain


>From talking to various organizations, "Resemblers" are very definitely a concern.   Whether this should be a policy from ICANN, someone 
else, or left to independent software vendors ala NaliniResemblerAndHomographFinder (tm), is an interesting question.


> 
> This is quite different to the case of true homoglyphs of the sort that Asmus is talking about, where the very same glyph is normally
> used in two different scripts such that nobody would be able to tell the difference.  One maybe could argue that "аррӏе" is pure homoglyphs
> (0430,0440,0440,04CF, 0435), but I think it's tough to argue for it.
> 
> Remember, the IDNA rules are really _quite_restrictive, and if registries also require "same script per label" those restrictions
> catch an _awful_ lot of corner cases (that was the outcome of the "paypal" controversy some time ago).
> 
> If you want to argue that policy should be different, that's fine, but it seems to me to require some PDP within ICANN.  Note that ICANN is
> probably going to propose some rules for variant handling, and combined with the LGR stuff that is working its way through the system
> we may find an awful lot of stuff is blocked.


One of my guys is working in the LatinGeneration panel if that is what you are talking about.  So far, I believe they are at the TLD level.

> 
> In any case, I think our purpose is very badly served by conflating these two different kinds of issues.
> 

Sure.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Untitled
URL: <http://mm.icann.org/pipermail/ua-discuss/attachments/20170422/30ed7177/Untitled.ksh>


More information about the UA-discuss mailing list