[UA-discuss] FW: I-D Action: draft-klensin-idna-rfc5891bis-00.txt
nalini.elkins at insidethestack.com
nalini.elkins at insidethestack.com
Mon Mar 13 15:22:37 UTC 2017
>Are these all single-script creations?
No.
> I fear your algorithm is rather more expansive than is reasonable.
We will see if it is. Let's see what combinations of scripts are actually being registered.
> This is hardly the first time the issue has been studied. The combinatorial explosion problem is a well-known and well-discussed one. The ICANN Variant Issues
> Project explored an awful lot of this.
Whatever they did or didn't do, what is going on in reality is that people are doing this and no one is stopping them.
Nalini
--------------------------------------------
On Mon, 3/13/17, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
Subject: Re: [UA-discuss] FW: I-D Action: draft-klensin-idna-rfc5891bis-00.txt
To: ua-discuss at icann.org
Date: Monday, March 13, 2017, 8:14 AM
On Mon, Mar 13, 2017 at
02:46:42PM +0000, nalini.elkins at insidethestack.com
wrote:
> Of course, it
is not just the "decoration" that is of
interest.
> There are quite a few other
characters from other scripts that are
>
confusable possibilities.
In general, cross-script registration is a bad
idea. We have known
this since at least
2003. The LGR work points out that
script-language definitions is generally a good
idea for
multi-language scripts.
> It is an interesting
problem. For example, we took one 6 character
> name of a business which is trademarked
& ran it through my
> algorithm, we
came up with over 1 million possible permutations.
> This is because you can use more than one
character look-alike.
Are
these all single-script creations? I fear your algorithm
is
rather more expansive than is
reasonable. This is hardly the first
time
the issue has been studied. The combinatorial explosion
problem
is a well-known and well-discussed
one. The ICANN Variant Issues
Project
explored an awful lot of this.
> Lest you think that this doesn't
happen, we have already found names registered which use
more than one confusable.
Of course it happens. That's actually
what all proposals for
restrictions are
about.
> I call them
"miscreants" because it is difficult for me to
believe that someone who registers a variation of
"mybank.com" or "apple.com" has
something good on their mind.
>
It doesn't help us to
think clearly about the issues to start trying
to do psycological analysis and
intention-attribution of the people
doing
these things. _Regardless_ of the intention, it's an
attack
vector, and I think that is part of
what we need to take into
consideration.
Best regards,
A
--
Andrew Sullivan
ajs at anvilwalrusden.com
More information about the UA-discuss
mailing list