[Comments-idn-guidelines-03mar17] FW: [Ext] Comments from India-Internationalized Domain Name (IDN) Implementation Guidelines

Sarmad Hussain sarmad.hussain at icann.org
Mon May 1 06:35:55 UTC 2017


Comments received from Govt. of India.

Regards,
Sarmad Hussain

From: tsantosh at meity.gov.in [mailto:tsantosh at meity.gov.in]
Sent: Monday, May 01, 2017 11:13 AM
To: Sarmad Hussain <sarmad.hussain at icann.org>
Cc: JS DeitY Rajiv Bansal; Pradeep Kumar Verma; Harish Chowdhary; shubham nixi
Subject: [Ext] Comments from India-Internationalized Domain Name (IDN) Implementation Guidelines

Dear Mr. Sarmad,

Please find below the comments from India on Internationalized Domain Name (IDN) Implementation Guidelines https://www.icann.org/public-comments/idn-guidelines-2017-03-03-en

For a diverse and global Internet where all languages and scripts can be used easily, the universal acceptance for Unicode domain names (IDNs) and email addresses (EAIs) is crucial. The following are suggested.

I. Promote a better public understanding of the issue, countering the trend that "IDN URLs are for phishing"

Rationale

    i. Efforts to promote universal acceptance, to stop the misuse of IDNs for fraud and phishing are essential. Just very recently, many news sources reprised a security advice that directed users to disable the display of IDN URLs in browsers, to prevent phishing by using whole-script confusable domain names: (https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/)

    ii. Due to the point mentioned above, IDNs would start to be widely rejected throughout the Internet. It is thus an important responsibility by ICANN to prevent these dangers.

II. To free the Internet from whole-script confusables (Similar characters in different scripts)

    iii. To establish a basic principle that any two domain names that look confusable to an average Internet user must be considered variants of the same domain name and must never be registered to different registrants.

        i. As confusability is by definition a subjective feature, there are technical standards (i.e. Unicode TR-39) which provide an implementable definition and algorithm for detecting confusable domain names. It is advisable to implement these standards in the proposed guidelines.

    iv. In addition to that, allowing the registration of confusable domain names is not just hampering adoption of IDNs, but it is also creating significant financial and organizational costs to the rest of the Internet. Even before any successful phishing attack happens, software developers and Internet service providers dealing with all sorts of Internet applications are forced to take into account possible homoglyph (look-a-like characters) attacks and implement countermeasures. It is much more efficient to detect and stop these situations just once at the registry level, rather than have the entire Internet run around in circles to deal with them.

    v. To the specific issue of whole script confusables, point 17 of the current recommendation is a "may" rather than a "must". But if we feel that it should move to a must. Replacing "may" with "must" will help to stop registration of the domains like "g00gle.com", to put blocks on cyber-squatting.

    vi. In point 16 of the proposed draft, and to make the detection and blocking of whole-script confusables compulsory. The first sentence of point 16 should thus be replaced by the following

TLD registries must apply to new registrations whole label evaluation rules that minimize whole-script confusables as determined by Unicode Technical Standard #39: Unicode Security Mechanisms; new domain names that according to those rules are whole-script confusables in respect to an existing domain name must be

a) allocated to the same registrant of the existing domain name, or

b) blocked from registration.

III. To deal with Emojis

    i. There should be separate guidelines to deal with EMOJIS.
       E.g. https://❤❤❤.ws/

--
Warm Regards

T.Santhosh
Scientist 'E' / Additional Director
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan, 6 CGO Complex,
New Delhi - 110003 (India)
Tel: +91-11-24364741, 24301831

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Comments from India on IDN_Implementation_Guidelines.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 14799 bytes
Desc: Comments from India on IDN_Implementation_Guidelines.docx
URL: <http://mm.icann.org/pipermail/comments-idn-guidelines-03mar17/attachments/20170501/f07c682d/CommentsfromIndiaonIDN_Implementation_Guidelines-0001.docx>
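
An added example, not part of the original message or of any ICANN or registry code: a sketch of the registration rule proposed for point 16, using the UTS #39 skeleton comparison, which catches whole-script confusables along with other confusable labels. The `Registry` class, the registrant names and the sample labels are hypothetical, and the mapping table is a small constructed subset of the UTS #39 confusables data.

```python
import unicodedata

# Hand-picked Cyrillic -> Latin entries that appear in the UTS #39 confusables
# data; a constructed subset for illustration, a registry would load the full file.
CONFUSABLE_SUBSET = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u0456": "i", "\u0458": "j",
    "\u043e": "o", "\u0440": "p", "\u0455": "s", "\u0445": "x", "\u0443": "y",
}

def skeleton(label):
    """UTS #39 skeleton: NFD, map each character to its prototype, NFD again."""
    decomposed = unicodedata.normalize("NFD", label)
    mapped = "".join(CONFUSABLE_SUBSET.get(ch, ch) for ch in decomposed)
    return unicodedata.normalize("NFD", mapped)

class Registry:
    """Hypothetical registry front end keyed by skeleton instead of raw label."""

    def __init__(self):
        self._sets = {}  # skeleton -> {"registrant": str, "labels": set of str}

    def register(self, label, registrant):
        label = unicodedata.normalize("NFC", label).lower()
        key = skeleton(label)
        entry = self._sets.get(key)
        if entry is None:
            self._sets[key] = {"registrant": registrant, "labels": {label}}
            return "registered"
        if label in entry["labels"]:
            return "taken"
        if entry["registrant"] != registrant:
            return "blocked"      # option b) in the proposed text
        entry["labels"].add(label)
        return "allocated"        # option a): the same registrant gets the variant

if __name__ == "__main__":
    reg = Registry()
    lookalike = "\u0441\u043e\u0440\u0443"  # constructed: all-Cyrillic, renders like "copy"
    for label, who in [("copy", "alice"), (lookalike, "mallory"), (lookalike, "alice")]:
        print(ascii(label), who, reg.register(label, who))
```
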