| Dear all, To properly address and explain this problem. The nature of this attacks on a global level suggest that they will be done through most used gTLDs (old and new) who allows different scripts, which is by far> .com. For local level it can be done under ccTLDs and geoTLDs who allows different script. Now, the real picture, Don, is that we have a lot of registries who mix scripts in the table. |
| You can look at IANA tables and see what is there. One example is .SU which allows all Cyrillic scripts from ex-Soviet Union (USSR). Then, there are ccTLDs like .PL, mixing the whole Unicode for years. I can understand why some ccTLDs allow that: in countries, there are a lot of minorities, so excluding their script from the table of national ccTLDs is not politically correct. To know if those cc’s allows usage of different (or even mixing) scripts and the attack can be created, we need to check local rules – and they are NOT something that ICANN is aware off, or something that ICANN can easily change. Even rules for the root zone, which are mentioned during this discussion, for the cc’s they will be presented in the form of recommendation. Some countries like Bulgaria and Greece, have IDN and ASCII under the same table and they have national laws on their usage. But, even in countries like Croatia and Romania, usage of their own Latin script can produce some of homographic attack. Like> coca-cola.hr and coča-cola.hr (confusion). Homographic attack is not a problem only in usage of different script under one TLD – they can be done under one, f.e. Latin, script also. Andrei suggested one way to address problem, but it can’t be the rule, because of political and other logical questions inside the countries. It’s in the ruleset of every single registry – who allows mixing script or not. You can have 20 different scripts in table, if you strictly avoid mixing, you are ok – and cross script homographic attack are not possible. But, single script attacks are staying possible, such as IBM.рф or саре.рф. |
| If you want to change agreement with cc’s, in order to address their rules for registration, is not going to be easy task for ICANN, because of the nature of agreements. Some of them are just in the form of „exchange of letters“ and zou know which level of agreement is that. Regards, Dusan From: ua-discuss-bounces@icann.org [mailto:ua-discuss-bounces@icann.org] On Behalf Of Andrei Kolesnikov Sent: Wednesday, April 26, 2017 10:46 AM To: Don Hollander <don.hollander@icann.org> Cc: Dr. AJAY D A T A <ajay@data.in>; `tan tanakadennis via ua-discuss` <ua-discuss@icann.org> Subject: Re: [UA-discuss] UASG Response to WordFence IDN Phishing concerns Don, there is no such thing as IDN at .RU - only ascii allowed - we understood the problem long time ago due to similarity of many Cyrillic letters with Latin. In IDN .РФ in Russia only Cyrillic allowed. This definitely must be the rule for registries. Or some kind of immediate mitigation service to bring down dangerous domains. --andrei 2017-04-26 11:34 GMT+03:00 Don Hollander <don.hollander@icann.org>:
-- Andrey Kolesnikov RIPN.NET
|