On Tue, Dec 25, 2018 at 04:58:20PM -0500, John Levine wrote:
I think it's pretty safe to assume that foo.com and www.foo.com are in the same language
I don't think it's safe to assume that at all. There is in general no way to know any of that, and the potential for exceptions is precisely where phishers will drop their lures.
None of this is terribly hard, but it's not automatic either.
Quite.
Same answer, except that if one name isn't a subdomain of the other, the login and option cookie problems are a lot harder.
In some cases, for "impossible" values of "harder". This is important, because the total lack of general cross-tree linkage support in the DNS is something the IETF determined it had failed to undertake some while ago, which means that we cannot expect the situation will get better (despite Yet Another Effort by Dave Crocker).
The point, which I apparently wrongly thought was obvious, is that none of this multi-name stuff works automatically, and telling people "just add a bunch of IDN names and EAI addresses" is not going to end well.
Even if it isn't obvious, I'd have thought that the arguments to that effect of the now-aged Variant Issues Report from ICANN (full disclosure: I wrote most of it) were pretty complete. Best regards, A -- Andrew Sullivan ajs@anvilwalrusden.com