Yeah, I am prone to overthinking stuff like this 😝 -- More than anything else, that issue is an attention magnet for nerds like us. We do like clever toys and hacks like that, don't we ;) -----Original Message----- From: Arnt Gulbrandsen [mailto:arnt@gulbrandsen.priv.no] Sent: Monday, March 12, 2018 14:24 To: Mark Svancarek <marksv@microsoft.com> Cc: Vittorio Bertola <vittorio.bertola@open-xchange.com>; ua-eai@icann.org; ua-discuss@icann.org Subject: Re: [UA-discuss] [UA-EAI] Issue needs discussion and closure Mark Svancarek writes:
Actually, my “keyboard” is pretty flexible.
That's your excellent OS support, not the keyoard you use. Your keycaps say "A", "S", "D" and so on, right? I see Hindi traditional on your list, is there a keycap that says आ? EAI is for the people whose knowledge of A-Z is too shaky to be comfortable emailing using A-Z, but who can read and write some other writing system, and who have a computer so they want to email. For these people, the keyboard they have is a decent proxy. They chose that keyboard because it reflects their knowledge. It isn't necessarily a hard and fast border of their skill, but it's a pretty good working description.
To your other point about mainly-ASCII phishing, I am happy to consider I may be overthinking things by looking for recommended good practices for this topic.
Phishing's a big threat nowadays. It's worth keeping in mind that exploiting similar-looking glyphs isn't a big part of that evil industry. It was a clever, novel attack once, but hasn't grown to much more in the decade that's passed since it was invented. Phishers don't need cyrillic a to impersonate Chase, they just register chase-account-security-team.com and fool enough people. So I don't think that warrants much attention. More than anything else, that issue is an attention magnet for nerds like us. We do like clever toys and hacks like that, don't we ;) Arnt