[UA-discuss] FW: I-D Action: draft-klensin-idna-rfc5891bis-00.txt

nalini.elkins at insidethestack.com nalini.elkins at insidethestack.com
Mon Mar 13 15:22:37 UTC 2017


>Are these all single-script creations? 

No.

> I fear your algorithm is rather more expansive than is reasonable.  

We will see if it is.   Let's see what combinations of scripts are actually being registered.

> This is hardly the first time the issue has been studied.  The combinatorial explosion problem is a well-known and well-discussed one.  The ICANN Variant Issues
> Project explored an awful lot of this.

Whatever they did or didn't do, what is going on in reality is that people are doing this and no one is stopping them.

Nalini

--------------------------------------------
On Mon, 3/13/17, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:

 Subject: Re: [UA-discuss] FW: I-D	Action:	draft-klensin-idna-rfc5891bis-00.txt
 To: ua-discuss at icann.org
 Date: Monday, March 13, 2017, 8:14 AM
 
 On Mon, Mar 13, 2017 at
 02:46:42PM +0000, nalini.elkins at insidethestack.com
 wrote:
 
 >  Of course, it
 is not just the "decoration" that is of
 interest.
 > There are quite a few other
 characters from other scripts that are
 >
 confusable possibilities.
 
 In general, cross-script registration is a bad
 idea.  We have known
 this since at least
 2003.  The LGR work points out that
 script-language definitions is generally a good
 idea for
 multi-language scripts.  
 
 > It is an interesting
 problem.  For example, we took one 6 character
 > name of a business which is trademarked
 & ran it through my
 > algorithm, we
 came up with over 1 million possible permutations.
 > This is because you can use more than one
 character look-alike.
 
 Are
 these all single-script creations?  I fear your algorithm
 is
 rather more expansive than is
 reasonable.  This is hardly the first
 time
 the issue has been studied.  The combinatorial explosion
 problem
 is a well-known and well-discussed
 one.  The ICANN Variant Issues
 Project
 explored an awful lot of this.
 
 > Lest you think that this doesn't
 happen, we have already found names registered which use
 more than one confusable.
 
 Of course it happens.  That's actually
 what all proposals for
 restrictions are
 about.  
 
 > I call them
 "miscreants" because it is difficult for me to
 believe that someone who registers a variation of
 "mybank.com" or "apple.com" has
 something good on their mind.
 > 
 
 It doesn't help us to
 think clearly about the issues to start trying
 to do psycological analysis and
 intention-attribution of the people
 doing
 these things.  _Regardless_ of the intention, it's an
 attack
 vector, and I think that is part of
 what we need to take into
 consideration.
 
 Best regards,
 
 A
 
 -- 
 Andrew Sullivan
 ajs at anvilwalrusden.com
 


More information about the UA-discuss mailing list