<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">I would expect a fair number of ccTLDs where it could be an issue as well.<div class=""><br class=""></div><div class="">Andrei: &nbsp;What about ccTLDs in other Cyrillic script communities? &nbsp;Have they taken the same precautions as .ru?</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">D</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 26/04/2017, at 9:40 PM, Dr. AJAY D A T A &lt;<a href="mailto:ajay@data.in" class="">ajay@data.in</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class="">  <div leftmargin="0" marginwidth="0" topmargin="0" marginheight="0" offset="0" class="">
<div class="">Exactly Andrie. Thank you for confirming the same.&nbsp;<br class=""><br class="">I confirmed with .pyc registry (we enabled EAI on <a href="x-msg://25/%D0%BF%D0%BE%D1%87%D1%82%D0%B0.%D1%80%D1%83%D1%81" target="_blank" class="">почта.рус</a>) also and they are not allowed (as per agreement) to use any other script other than Cyrillic.&nbsp;</div>
<div class="">&nbsp;</div>
<div class="">So basically it looks like .com problem. Any other examples other than .com ? &nbsp;It narrows down the problem to solve.&nbsp;<br class=""><br class="">Thanks.&nbsp;<br class=""><br class=""></div>
<div id="mySignature" class="">
<div class="">
<div style="font-weight: normal; font-size: inherit;" class="">
<div class=""><span style="color: #333399; font-family: Tahoma; font-size: 11px;" data-mce-mark="1" class=""><strong class="">Dr. Ajay&nbsp;<span style="color: #333399; font-family: Tahoma; font-size: 11px;" data-mce-mark="1" class="">DATA</span></strong> <strong class=""><span style="color: #333399; font-family: Tahoma; font-size: 11px;" data-mce-mark="1" class="">&nbsp;</span>| Founder &amp; CEO&nbsp;</strong></span></div>
</div>
<div style="font-weight: normal; font-size: inherit;" class=""><span style="font-size: x-small;" class="">Get email id like <strong style="font-size: 10px;" class="">अजय@डाटा.भारत</strong>&nbsp;in your own language,<br class="">visit&nbsp;<a style="font-size: 10px;" href="http://www.xgenplus.com/" target="_blank" class="">www.xgenplus.com</a>&nbsp;</span></div>
</div>
<div id="__hggasdgjhsagd_once" style="display: none;" class="">&nbsp;</div>
</div>
<hr class=""><strong class="">From:</strong> Andrei Kolesnikov &lt;<a href="mailto:andrei@rol.ru" class="">andrei@rol.ru</a>&gt;&nbsp;&nbsp;<span style="font-family: verdana; font-size: xx-small;" class="">MailId : [68484721]</span><br class=""><strong class="">To:</strong> Don Hollander &lt;<a href="mailto:don.hollander@icann.org" class="">don.hollander@icann.org</a>&gt;<br class=""><strong class="">Cc:</strong> "Dr. AJAY D A T A" &lt;<a href="mailto:ajay@data.in" class="">ajay@data.in</a>&gt;,tan tanakadennis via ua-discuss &lt;<a href="mailto:ua-discuss@icann.org" class="">ua-discuss@icann.org</a>&gt;<br class=""><strong class="">Subject: </strong>Re: [UA-discuss] UASG Response to WordFence IDN Phishing concerns<br class=""><strong class="">Date:</strong> 26 Apr 2017 02:16:05 PM <br class=""><br class="">
<div dir="ltr" class="">
<div class="">
<div class="">Don, <br class="">there is no such thing as IDN at .RU - only ascii allowed - we understood the problem long time ago due to similarity of many Cyrillic letters with Latin. </div>
In IDN .РФ in Russia only Cyrillic allowed. <br class="">This definitely must be the rule for registries. Or some kind of immediate mitigation service to bring down dangerous domains. <br class=""><br class=""></div>
--andrei</div>
<div class="gmail_extra"><br class="">
<div class="gmail_quote">2017-04-26 11:34 GMT+03:00 Don Hollander <span dir="ltr" class="">&lt;<a href="mailto:don.hollander@icann.org" target="_blank" class="">don.hollander@icann.org</a>&gt;</span>:<br class="">
<blockquote class="gmail_quote" style="margin: 0 0 0 .8ex; border-left: 1px #ccc solid; padding-left: 1ex;">
<div style="word-wrap: break-word;" class="">Hi Andrei:
<div class="">&nbsp;</div>
<div class="">What about at the ccTLD? &nbsp;<a href="http://idn.ru/" target="_blank" class="">idn.ru</a>? &nbsp; Does .ru also allow ASCII?
<div class="">&nbsp;</div>
<div class="">Does the .ru registry, for example, do anything to address homoglyphs between ascii and cyrillic?</div>
<div class="">&nbsp;</div>
<div class="">D</div>
</div>
<div class="">&nbsp;</div>
<div class="">
<blockquote class="">
<div class="">On 26/04/2017, at 8:30 PM, Andrei Kolesnikov &lt;<a href="mailto:andrei@rol.ru" target="_blank" class="">andrei@rol.ru</a>&gt; wrote:</div>
<br class="m_4576729271658896846Apple-interchange-newline">
<div class="">
<div dir="ltr" class="">
<div class="">
<div class="">most use of idn.ascii gTLD as far as I know is .com for example <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__xn-2D-2Dh1akeme.com_&amp;d=DwMFaQ&amp;c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&amp;r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&amp;m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&amp;s=Aumtm9oLaw_1FAQZ4MvKpmNHj3khbV5zlM_VGiARFFQ&amp;e=" target="_blank" class="">http://путин.com/[xn--h1akeme.com]</a></div>
<span class="">Basically most of the confusing cases discussed above are from .com<br class=""><br class=""></span></div>
--andrei</div>
<div class="gmail_extra"><br class="">
<div class="gmail_quote"><span class="">2017-04-26 10:35 GMT+03:00 Dr. AJAY D A T A <span dir="ltr" class="">&lt;<a href="mailto:ajay@data.in" target="_blank" class="">ajay@data.in</a>&gt;</span>:<br class=""></span>
<blockquote class="gmail_quote" style="margin: 0 0 0 .8ex; border-left: 1px #ccc solid; padding-left: 1ex;">
<div class="">
<div class="">Hello Don,&nbsp;<br class=""><br class="">Which all registries are allowed to register mix of scripts domain while registering an IDN. I checked .pyc (Cyrillic) and .भारत (Devanagiri) do not allow mix of scripts.&nbsp; I think we address those registries through ICANN by modifying the registry agreement, major problem can be solved.&nbsp;<br class=""><br class="">Thanks.&nbsp;</div>
<div class="">&nbsp;</div>
<div id="m_4576729271658896846m_8042960321159864960mySignature1" class="">
<div class="">
<div style="font-weight: normal; font-size: inherit;" class="">
<div class=""><span style="color: #333399; font-family: Tahoma; font-size: 11px;" class=""><strong class="">Dr. Ajay&nbsp;<span style="color: #333399; font-family: Tahoma; font-size: 11px;" class="">DATA</span></strong> <strong class=""><span style="color: #333399; font-family: Tahoma; font-size: 11px;" class="">&nbsp;</span>| Founder &amp; CEO&nbsp;</strong></span></div>
</div>
<div style="font-weight: normal; font-size: inherit;" class=""><span style="font-size: x-small;" class=""><span class="">Get email id like <strong style="font-size: 10px;" class="">अजय@डाटा.भारत</strong>&nbsp;in your own language,<br class=""></span>visit&nbsp;<a style="font-size: 10px;" href="https://urldefense.proofpoint.com/v2/url?u=http-3A__www.xgenplus.com_&amp;d=DwMFaQ&amp;c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&amp;r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&amp;m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&amp;s=-y6ACRLtO7BC6nXjQGKJQgFQOCdSIe6PZqjZMKRTGXc&amp;e=" target="_blank" class="">www.xgenplus.com[xgenplus.com]</a>&nbsp;</span></div>
</div>
<div id="m_4576729271658896846m_8042960321159864960__hggasdgjhsagd_once" style="display: none;" class="">&nbsp;</div>
</div>
<hr class=""><span class=""><strong class="">From:</strong> "Tan Tanaka,Dennis via UA-discuss" &lt;<a href="mailto:ua-discuss@icann.org" target="_blank" class="">ua-discuss@icann.org</a>&gt;&nbsp;&nbsp;<span style="font-family: verdana; font-size: xx-small;" class="">MailId : [68456683]</span><br class=""><strong class="">To:</strong> Don Hollander &lt;<a href="mailto:don.hollander@icann.org" target="_blank" class="">don.hollander@icann.org</a>&gt;,"<a href="mailto:ua-discuss@icann.org" target="_blank" class="">ua-discuss@icann.org</a>" &lt;<a href="mailto:ua-discuss@icann.org" target="_blank" class="">ua-discuss@icann.org</a>&gt;<br class=""><strong class="">Subject: </strong>Re: [UA-discuss] UASG Response to WordFence IDN Phishing concerns<br class=""><strong class="">Date:</strong> 25 Apr 2017 06:28:22 PM <br class=""></span>
<div class="">
<div class="m_4576729271658896846h5"><br class="">
<div class="m_4576729271658896846m_8042960321159864960WordSection1"><p class="MsoNormal"><span style="font-size: 11.0pt;" class="">Don, my comments enclosed</span></p>
<div class=""><span style="font-size: 11.0pt;" class="">&nbsp;</span></div><p class="MsoNormal"><span style="font-size: 11.0pt;" class="">Thanks</span></p><p class="MsoNormal"><span style="font-size: 11.0pt;" class="">-Dennis</span></p>
<div class=""><span style="font-size: 11.0pt;" class="">&nbsp;</span></div>
<div style="border: none; border-top: solid #b5c4df 1.0pt; padding: 3.0pt 0in 0in 0in;" class=""><p class="MsoNormal" style="margin-left: .5in;"><strong class=""><span class="">From: </span> </strong><span class="">&lt;<a href="mailto:ua-discuss-bounces@icann.org" target="_blank" class="">ua-discuss-bounces@icann.org</a>&gt; on behalf of Don Hollander &lt;<a href="mailto:don.hollander@icann.org" target="_blank" class="">don.hollander@icann.org</a>&gt;<br class=""> <strong class="">Date: </strong>Monday, April 24, 2017 at 5:40 PM<br class=""> <strong class="">To: </strong>"<a href="mailto:UA-discuss@icann.org" target="_blank" class="">UA-discuss@icann.org</a>" &lt;<a href="mailto:ua-discuss@icann.org" target="_blank" class="">ua-discuss@icann.org</a>&gt;<br class=""> <strong class="">Subject: </strong>[EXTERNAL] [UA-discuss] UASG Response to WordFence IDN Phishing concerns</span></p>
</div>
<div class="">
<div style="margin-left: 0.5in;" class=""><span style="font-family: Times New Roman;" class="">&nbsp;</span></div>
</div><p class="MsoNormal" style="margin-left: .5in;"><span style="font-size: 11.0pt;" class="">Further to recent discussion on this list, we have drafted a document that we plan on posting as a Blog Post to the UASG Web site that can be referenced by others.</span></p>
<div style="margin-left: 0.5in;" class=""><span style="font-size: 11.0pt;" class="">&nbsp;</span></div><p class="MsoNormal" style="margin-left: .5in;"><span style="font-size: 11.0pt;" class="">We want to get feedback from the community on this document by Thursday UTC.</span></p>
<div style="margin-left: 0.5in;" class=""><span style="font-size: 11.0pt;" class="">&nbsp;</span></div><p class="MsoNormal" style="margin-left: .5in;"><span style="font-size: 11.0pt;" class="">So, here it is – pasted below and as a word document in case you want to enable tracking and make amendments.&nbsp;&nbsp; If you have comments or suggestions, please share them to this group.</span></p>
<div style="margin-left: 0.5in;" class=""><span style="font-size: 11.0pt;" class="">&nbsp;</span></div><p class="MsoNormal" style="margin-left: .5in;"><span style="font-size: 11.0pt;" class="">Don</span></p>
<div style="margin-left: 0.5in;" class=""><span style="font-size: 11.0pt;" class="">&nbsp;</span></div>
<div style="margin-left: 0.5in;" class=""><span style="font-size: 11.0pt;" class="">&nbsp;</span></div>
<div style="margin-left: 0.5in;" class=""><span style="font-size: 11.0pt;" class="">&nbsp;</span></div><p class="MsoNormal" style="margin-left: .5in;"><a name="m_4576729271658896846_m_8042960321159864960__Hlk480546462" class=""></a><strong class=""><span style="font-size: 11.0pt;" class="">IDNs and Phishing: What You Need to Know</span></strong></p><p class="MsoNormal" style="margin-left: .5in;"><span style="font-size: 11.0pt;" class="">By TBD at UASG </span></p>
<div style="margin-left: 0.5in;" class=""><span style="font-size: 11.0pt;" class="">&nbsp;</span></div><p class="MsoNormal" style="margin-left: .5in;"><span style="font-size: 11.0pt;" class=""><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_resources_pages_idn-2D2012-2D02-2D25-2Den&amp;d=DwMFaQ&amp;c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&amp;r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&amp;m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&amp;s=JGHMSOqc_3GaqYY6Sf8m9MBfj3dj9vTRIsoi3E_9KRc&amp;e=" ta="" rget="_blank" class="">Internationalized Domain Names[icann.org]</a> (IDNs) are growing in popularity, a testament to their role in the expansion of the global Internet and the value they provide in connecting non-English speakers to the Web. However, you may have noticed a renewed focus over the past week of a script mixing technique that phishing scammers could potentially use to trick Internet users into visiting malicious websites. This phishing method takes advantage of the fact that characters from various languages and scripts are sometimes visually similar to each other. For example, the Cyrillic “</span><span style="font-size: 11.0pt;" lang="RU" class="">а</span><span style="font-size: 11.0pt;" class="">” and the <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_ASCII&amp;d=DwMFaQ&amp;c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&amp;r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&amp;m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&amp;s=yfwSeTzAiHcLTq4jEae3TOx116_t2m_mn8vT4UOo7Go&amp;e=" target="_blank" class="">ASCII[en.wikipedia.org]</a> “a” look virtually identical. This technique is known as a homograph attack.&nbsp; </span></p>
<div style="margin-left: 0.5in;" class=""><span style="font-size: 11.0pt;" class="">&nbsp;</span></div><p class="MsoNormal" style="margin-left: .5in;"><span style="font-size: 11.0pt;" class="">Homographic phishing efforts associated with IDNs are not new. In fact, they date back to the early 2000s. Registries have since implemented policies that preclude mixing scripts<a title="" name="m_4576729271658896846_m_8042960321159864960__ftnref1" class=""></a><sup class="">[1]</sup> within a domain name label.</span></p>
<div style="margin-left: 0.5in;" class=""><span style="font-size: 11.0pt;" class="">&nbsp;</span></div><p class="MsoNormal" style="margin-left: .5in;"><span style="font-size: 11.0pt;" class="">While this issue should be taken seriously and serves as an important reminder of consumer safety, various IDN and anti-abuse groups are actively working to mitigate potential threats, and there are already certain browser-set protections in place. In the meantime, Internet users should practice the same basic security hygiene that is always recommended: avoid clicking suspicious links, and use a good password manager that will only enter login credentials on trusted sites. </span></p>
<div style="margin-left: 0.5in;" class=""><span style="font-size: 11.0pt;" class="">&nbsp;</span></div><p class="MsoNormal" style="margin-left: .5in;"><span style="font-size: 11.0pt;" class="">Equally important is to recognize the benefits of IDNs and avoid disabling them, which could lead to an unpredictable user experience and eventually a decrease in adoption. IDNs are essential in bringing non-English speakers – the majority of the world’s population – online, and allowing those users to create their own highly relevant online identities as well as navigate the Internet in their native languages. In addition to the social and cultural benefits of IDNs, they also represent a significant economic opportunity; a recent <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__uasg.tech_whitepaper_&amp;d=DwMFaQ&amp;c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&amp;r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&amp;m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&amp;s=VMxJkqVb1W-ZyIEhQREIQRg3LsygAashMrgpllm7Qs4&amp;e=" target="_blank" class="">report[uasg.tech]</a> commissioned by the Universal Acceptance Steering Group (UASG) found that online spending from new IDN users could start at USD 6.2 billion per year.&nbsp; </span></p>
<div style="margin-left: 0.5in;" class=""><span style="font-size: 11.0pt;" class="">&nbsp;</span></div><p class="MsoNormal" style="margin-left: .5in;"><span style="font-size: 11.0pt;" class="">The UASG’s mission is to help software developers and website owners keep pace with the evolving Domain Name System (DNS) – and this includes issues around the adoption and acceptance of IDNs. If you’d like to get involved in helping work toward a solution to this and other IDN-related issues, please visit <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__uasg.tech_&amp;d=DwMFaQ&amp;c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&amp;r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&amp;m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&amp;s=fHMruCNtXCtlHyAJqUQ0xMY3bJLSKhk8h77uH_2ctvk&amp;e=" target="_blank" class="">https://uasg.tech/[uasg.tech]</a> or <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__uasg.tech_contact_&amp;d=DwMFaQ&amp;c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&amp;r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&amp;m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&amp;s=YqvahA1bKLAZn3Ywt6hgEEjSlYv9iV1zX3u3qDUzvXE&amp;e=" target="_blank" class=""> get in touch[uasg.tech]</a> to learn more. </span></p>
<div style="margin-left: 0.5in;" class=""><span style="font-size: 11.0pt;" class="">&nbsp;</span></div>
<div style="margin-left: 0.5in;" class=""><span style="font-size: 11.0pt;" class="">&nbsp;</span></div>
<div class=""><p class="MsoNormal" style="margin-left: .5in;"><span style="font-family: Times New Roman;" class=""><br clear="all" class=""> </span></p>
<div class="MsoNormal" style="margin-left: .5in;"><hr align="left" size="1" width="33%" class=""></div>
</div>
</div>
<div class=""><br clear="all" class=""><hr align="left" size="1" width="33%" class="">
<div id="m_4576729271658896846m_8042960321159864960ftn1" class=""><p class="m_4576729271658896846m_8042960321159864960MsoFootnoteText"><a title="" name="m_4576729271658896846_m_8042960321159864960__ftn1" class=""></a><span class="m_4576729271658896846m_8042960321159864960MsoFootnoteReference">[1]</span> <span lang="EN-SG" class="">Exceptions are practiced for languages with established orthographies and conventions that require the commingled use of multiple scripts, e.g. the Japanese writing system.</span></p>
</div>
</div>
</div>
</div>
<span class=""><span style="color: #ffffff; font-family: arial; font-size: xx-small;" class="">Do not Remove:<br class="">[HID]20170425182821379[-HID]</span><img src="https://data.in/14931921150881741a-" alt="" width="1px" height="1px" class=""> <img src="http://dlr.tbms.in:8077/XET21201:201704.jpg" alt="" width="1px" height="1px" class=""></span></div>
</blockquote>
</div>
<br class=""><br clear="all" class=""><span class="HOEnZb"><span class="HOEnZb"><span style="color: #888888;" class=""><br class="">-- <br class=""></span></span></span>
<div class="m_4576729271658896846gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr" class="">
<div class="">
<div dir="ltr" class="">
<div class="">
<div dir="ltr" class="">
<div class="">Andrey Kolesnikov</div>
<div class=""><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__RIPN.NET&amp;d=DwMFaQ&amp;c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&amp;r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&amp;m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&amp;s=bzXSVwk1DZEFet4B2d2K-x7-PI4e37O64WojUXqaNCM&amp;e=" target="_blank" class="">RIPN.NET[RIPN.NET]</a></div>
<div class="">&nbsp;</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<span class=""><span class=""><br class=""></span></span>
<div class="">
<div class="">Don Hollander
<div class="">Universal Acceptance Steering Group</div>
<div class="">Skype: don_hollander</div>
</div>
<div class="">&nbsp;</div>
</div>
</div>
</blockquote>
</div>
<br class=""><br clear="all" class=""><br class="">-- <br class="">
<div class="gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr" class="">
<div class="">
<div dir="ltr" class="">
<div class="">
<div dir="ltr" class="">
<div class="">Andrey Kolesnikov</div>
<div class=""><a href="http://ripn.net/" target="_blank" class="">RIPN.NET</a></div>
<div class="">&nbsp;</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div><img src="https://data.in/XGenPlusMessageID:1493199621074593a-#RCPT#.jpg" width="1px" height="1px" class="">
<img src="http://dlr.tbms.in:8077/XET21454:201704.jpg" width="1px" height="1px" class=""></div></div></blockquote></div><br class=""><div class="">
<div class="">Don Hollander<div class="">Universal Acceptance Steering Group</div><div class="">Skype: don_hollander</div></div><div class=""><br class=""></div><br class="Apple-interchange-newline">

</div>
<br class=""></div></body></html>