[At-Large] IDN Variants in the market place

bzs at theworld.com bzs at theworld.com
Fri Jul 20 18:37:23 UTC 2018


On July 19, 2018 at 15:48 6.Internet at gmail.com (Sivasubramanian M) wrote:
 > Please take a look at the attached screenshot of a domainer's offer to sell
 > single character IDNs, for instance an IDN variant (lookalike) of the ASCII
 > character X, which sets a harmful trend. This is an issue if confusability.

The general term for this is "homograph attack" or specifically "IDN
homograph attack", where "attack" may be in the eye of the beholder:

  https://en.wikipedia.org/wiki/IDN_homograph_attack

and has been the subject of much discussion over recent years and
little resolution.

I believe one popular proposal is browser support which either
visually flags such IDNs or displays the punycode alongside which is
an ASCII represenation and should make obvious that this not what one
might suspect.

For example (from this wikipedia page): xn--bcher-kva.tld indicating
an umlauted 'u' is in there but importantly that it's not just
bucher.tld.

  https://en.wikipedia.org/wiki/Punycode

There's still the problem with intent. Could I legitimately offer for
sale the strings with and without the umlaut? I think that's generally
considered acceptable.

Caveat emptor?

 > 
 > I understand that the Registries (are required to?) maintain a list of harmful
 > names for their TLDs, but there is no common minimal list of harmful names. One
 > possible way to achieve this is for the Registries, at least in the ASCII
 > space, to volunteer to feed their respective list of harmful names into a
 > common Registry Stakeholder database, and then draw up a common minimum list of
 > harmful domain names that any Registry could avoid registering. 
 > 
 > If At-Large could shape this as a workable suggestion, it could formally go to
 > the Registry Stakeholders.
 > 
 > Sivasubramanian M
 > x[DELETED ATTACHMENT Screenshot_20180719-152932~2.png, PNG image]
 > _______________________________________________
 > At-Large mailing list
 > At-Large at atlarge-lists.icann.org
 > https://atlarge-lists.icann.org/mailman/listinfo/at-large
 > 
 > At-Large Official Site: http://atlarge.icann.org

-- 
        -Barry Shein

Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


More information about the At-Large mailing list