[UA-discuss] Re : Re: UASG Response to WordFence IDN Phishing concerns

Wed Apr 26 08:30:37 UTC 2017

most use of idn.ascii gTLD as far as I know is .com for example
http://путин.com/ <http://xn--h1akeme.com/>
Basically most of the confusing cases discussed above are from .com

--andrei

2017-04-26 10:35 GMT+03:00 Dr. AJAY D A T A <ajay at data.in>:

> Hello Don,
>
> Which all registries are allowed to register mix of scripts domain while
> registering an IDN. I checked .pyc (Cyrillic) and .भारत (Devanagiri) do not
> allow mix of scripts.  I think we address those registries through ICANN by
> modifying the registry agreement, major problem can be solved.
>
> Thanks.
>
> *Dr. Ajay DATA* * | Founder & CEO *
> Get email id like *अजय@डाटा.भारत* in your own language,
> visit www.xgenplus.com
>
> ------------------------------
> *From:* "Tan Tanaka,Dennis via UA-discuss" <ua-discuss at icann.org>  MailId
> : [68456683]
> *To:* Don Hollander <don.hollander at icann.org>,"ua-discuss at icann.org" <
> ua-discuss at icann.org>
> *Subject: *Re: [UA-discuss] UASG Response to WordFence IDN Phishing
> concerns
> *Date:* 25 Apr 2017 06:28:22 PM
>
> Don, my comments enclosed
>
>
>
> Thanks
>
> -Dennis
>
>
>
> *From: *<ua-discuss-bounces at icann.org> on behalf of Don Hollander <
> don.hollander at icann.org>
> *Date: *Monday, April 24, 2017 at 5:40 PM
> *To: *"UA-discuss at icann.org" <ua-discuss at icann.org>
> *Subject: *[EXTERNAL] [UA-discuss] UASG Response to WordFence IDN
> Phishing concerns
>
>
>
> Further to recent discussion on this list, we have drafted a document that
> we plan on posting as a Blog Post to the UASG Web site that can be
> referenced by others.
>
>
>
> We want to get feedback from the community on this document by Thursday
> UTC.
>
>
>
> So, here it is – pasted below and as a word document in case you want to
> enable tracking and make amendments.   If you have comments or suggestions,
> please share them to this group.
>
>
>
> Don
>
>
>
>
>
>
>
> *IDNs and Phishing: What You Need to Know*
>
> By TBD at UASG
>
>
>
> Internationalized Domain Names
> <https://www.icann.org/resources/pages/idn-2012-02-25-en> (IDNs) are
> growing in popularity, a testament to their role in the expansion of the
> global Internet and the value they provide in connecting non-English
> speakers to the Web. However, you may have noticed a renewed focus over the
> past week of a script mixing technique that phishing scammers could
> potentially use to trick Internet users into visiting malicious websites.
> This phishing method takes advantage of the fact that characters from
> various languages and scripts are sometimes visually similar to each other.
> For example, the Cyrillic “а” and the ASCII
> <https://en.wikipedia.org/wiki/ASCII> “a” look virtually identical. This
> technique is known as a homograph attack.
>
>
>
> Homographic phishing efforts associated with IDNs are not new. In fact,
> they date back to the early 2000s. Registries have since implemented
> policies that preclude mixing scripts[1] <#m_8042960321159864960__ftn1>
> within a domain name label.
>
>
>
> While this issue should be taken seriously and serves as an important
> reminder of consumer safety, various IDN and anti-abuse groups are actively
> working to mitigate potential threats, and there are already certain
> browser-set protections in place. In the meantime, Internet users should
> practice the same basic security hygiene that is always recommended: avoid
> clicking suspicious links, and use a good password manager that will only
> enter login credentials on trusted sites.
>
>
>
> Equally important is to recognize the benefits of IDNs and avoid disabling
> them, which could lead to an unpredictable user experience and eventually a
> decrease in adoption. IDNs are essential in bringing non-English speakers –
> the majority of the world’s population – online, and allowing those users
> to create their own highly relevant online identities as well as navigate
> the Internet in their native languages. In addition to the social and
> cultural benefits of IDNs, they also represent a significant economic
> opportunity; a recent report <https://uasg.tech/whitepaper/> commissioned
> by the Universal Acceptance Steering Group (UASG) found that online
> spending from new IDN users could start at USD 6.2 billion per year.
>
>
>
> The UASG’s mission is to help software developers and website owners keep
> pace with the evolving Domain Name System (DNS) – and this includes issues
> around the adoption and acceptance of IDNs. If you’d like to get involved
> in helping work toward a solution to this and other IDN-related issues,
> please visit https://uasg.tech/ or get in touch
> <https://uasg.tech/contact/> to learn more.
>
>
>
>
>
>
> ------------------------------
>
> ------------------------------
>
> [1] <#m_8042960321159864960__ftnref1> Exceptions are practiced for
> languages with established orthographies and conventions that require the
> commingled use of multiple scripts, e.g. the Japanese writing system.
>
> Do not Remove:
> [HID]20170425182821379[-HID]
>

-- 
Andrey Kolesnikov
RIPN.NET
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ua-discuss/attachments/20170426/622e8dd5/attachment.html>