[UA-discuss] Fw: Re: IDN Implementation Guidelines [RE: Re : And now about phishing...]
nalini.elkins at insidethestack.com
nalini.elkins at insidethestack.com
Sat Apr 22 16:49:20 UTC 2017
> From: Andrew Sullivan <ajs at anvilwalrusden.com>
> Subject: Re: [UA-discuss] Fw: Re: IDN Implementation Guidelines [RE: Re : And now about phishing...]
> To: ua-discuss at icann.org
> Date: Saturday, April 22, 2017, 9:16 AM
> On Sat, Apr 22, 2017 at 01:32:08PM +0000, nalini.elkins at insidethestack.com wrote>
>> For example, you may wish to see the following permutations which have already been obtained. (And, it appears not by Apple)
>>
>> www.applé.com www.xn--appl-epa.com www.xn--appl-epa.com
>> www.applê.com www.xn--appl-jpa.com www.xn--appl-jpa.com
>> www.applė.com www.xn--appl-yva.com www.xn--appl-yva.com
>> www.applę.com www.xn--appl-8va.com www.xn--appl-8va.com
>
> Do you think that those qualify as "homographs"? I suppose they might, as might àpple.com and so on, but these at least don't seem to
> me to be any different than app1e.com, which we decided long ago was Apple's problem and nobody else's.
I guess so. It is just that because of internationalization, so many more of such permutations are possible. I think it might be useful
to have another term for this:
Here is an attempt:
Homograph: a domain name that has characters that are visually indistinguishable (I am intentionally leaving out the font issues)
Resembler: a domain name that can be easily visually confused for another well-known domain
>From talking to various organizations, "Resemblers" are very definitely a concern. Whether this should be a policy from ICANN, someone
else, or left to independent software vendors ala NaliniResemblerAndHomographFinder (tm), is an interesting question.
>
> This is quite different to the case of true homoglyphs of the sort that Asmus is talking about, where the very same glyph is normally
> used in two different scripts such that nobody would be able to tell the difference. One maybe could argue that "аррӏе" is pure homoglyphs
> (0430,0440,0440,04CF, 0435), but I think it's tough to argue for it.
>
> Remember, the IDNA rules are really _quite_restrictive, and if registries also require "same script per label" those restrictions
> catch an _awful_ lot of corner cases (that was the outcome of the "paypal" controversy some time ago).
>
> If you want to argue that policy should be different, that's fine, but it seems to me to require some PDP within ICANN. Note that ICANN is
> probably going to propose some rules for variant handling, and combined with the LGR stuff that is working its way through the system
> we may find an awful lot of stuff is blocked.
One of my guys is working in the LatinGeneration panel if that is what you are talking about. So far, I believe they are at the TLD level.
>
> In any case, I think our purpose is very badly served by conflating these two different kinds of issues.
>
Sure.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Untitled
URL: <http://mm.icann.org/pipermail/ua-discuss/attachments/20170422/30ed7177/Untitled.ksh>
More information about the UA-discuss
mailing list