Re: [idn] IDN spoofing

[William Tan <wil@dready.org>]

Hi Erik,

> But what can we do about .com? 

It's not about what we can do about it, but what Verisign wants. If 
Verisign wanted to strictly adhere to ICANN's IDN guidelines, it 
would've dropped support for languages for which they have no table, and 
Eric wouldn't have been able to register that twisted paypal.com. And if 
Verisign, in light of this homograph attack advisory, decides to play it 
right from now on, I'd be pretty much contented. Sure, there are other 
TLDs who are still registering IDNs with liberal rules, maybe we can 
convince them to follow suit, maybe not.

> It's clearly a worldwide TLD now. It should probably allow multiple 
> writing systems. Perhaps the .com operator could specify that 2nd 
> level domain labels must stick to one writing system, and that that 
> writing system must be indicated in the RRP (Registry Registrar 
> Protocol) in order to validate the 2nd level name against the table of 
> characters allowed in that writing system.

This is already the case in Verisign's SRS where registrars are required 
to submit an ISO-639 language tag via RRP.

> This would probably require a (new?) set of names for writing systems, 
> somewhat similar to the language tags of ISO 639.
What nifty features would this bring, if the registry does not attach 
any rules to the writing systems, as is the case with language tags now.

Regards,
wil.