Re: [idn] IDN spoofing

[John C Klensin <klensin@jck.com>]

--On Friday, 18 February, 2005 20:06 +0100 Keld Jørn Simonsen
<keld@dkuug.dk> wrote:

>...
> Of cause we should minimize the risks for internet users of
> being mislead. This could be done by equializing similar
> characters, like Latin, Cyrillic and greek A, 0 and O, 1 and 1
> etc, so that no visual misleading should be possible.

Keld, for better or worse, a decision was made to not try to do
this in IDNA.  At least one of the reasons is that the
definition of "similar" is much in the mind of the beholder.
The decision to treat 0 and O, 1 and l, as separate was made 20
(or, by a different line of reasoning, more like 34) years ago
and is irreversible at this point.  

For the more general case, U+0E02, U+0E03, U+0EA1 could all be
construed by someone who doesn't know which scripts they came
from as font variation on either U+0C35 or U+0055, so it isn't
at all clear how one would adopt general "equalizing" rules,
even if they were wanted.   The good news is that, should a
registry decide to use them, the "variant" model of RFC 3743
could be easily adapted to prevent labels that would equivalent
if these "equal in the mind of the registry" characters were
from being registered.   Personally, I find it rather attractive
that the decision as to whether or not to do that, and which
characters to consider too similar to permit labels built on
them to be registered to different parties, can be made one
registry at a time, with no need for global agreement about
those visual perceptions.

    john