Just to throw a little more into the mix there are also "homonym" attacks, for example sneaking a Cyrillic (e.g., Russian) 'o' into microsoft . com, they look the same as a Latin-1 'o' but are encoded differently. Some browsers recognize that and will display "punycode", xn-blahblah, rather than the graphical version but there are all sorts of places this might be abused (e.g., a link in an email or sms, etc.) My real point is it's a big and, I like to think, active topic. A lot of it falls more into the realm of the IETF, engineering issues, and human factors engineering, rather than policy at this point other than perhaps supporting whatever the gearheads come up with to mitigate all this and to turn any engineering recommendations into workable policy. And education about the problem of course. -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*