[UA-discuss] FW: I-D Action: draft-klensin-idna-rfc5891bis-00.txt

[Andrew Sullivan]

On Mon, Mar 13, 2017 at 02:46:42PM +0000, nalini.elkins at insidethestack.com wrote:

>  Of course, it is not just the "decoration" that is of interest.
> There are quite a few other characters from other scripts that are
> confusable possibilities.

In general, cross-script registration is a bad idea.  We have known
this since at least 2003.  The LGR work points out that
script-language definitions is generally a good idea for
multi-language scripts.  

> It is an interesting problem.  For example, we took one 6 character
> name of a business which is trademarked & ran it through my
> algorithm, we came up with over 1 million possible permutations.
> This is because you can use more than one character look-alike.

Are these all single-script creations?  I fear your algorithm is
rather more expansive than is reasonable.  This is hardly the first
time the issue has been studied.  The combinatorial explosion problem
is a well-known and well-discussed one.  The ICANN Variant Issues
Project explored an awful lot of this.

> Lest you think that this doesn't happen, we have already found names registered which use more than one confusable.

Of course it happens.  That's actually what all proposals for
restrictions are about.  

> I call them "miscreants" because it is difficult for me to believe that someone who registers a variation of "mybank.com" or "apple.com" has something good on their mind.
> 

It doesn't help us to think clearly about the issues to start trying
to do psycological analysis and intention-attribution of the people
doing these things.  _Regardless_ of the intention, it's an attack
vector, and I think that is part of what we need to take into
consideration.

Best regards,

A

-- 
Andrew Sullivan
ajs at anvilwalrusden.com