Hi Maxim, To be clear, I wasn’t endorsing the white paper, rather just suggesting it was the trigger for the BBC coverage. After a brief scan, I do find some of the stats in the white paper interesting but don’t know enough about their methodology to go beyond that. However, I suspect Farsight Security would be interested in suggestions in improvement for their methodology (after all, it’d mean more potential risks they’d be protecting their customers from). Regards, -drc
On Jun 27, 2018, at 12:50 PM, Maxim Alzoba <m.alzoba@gmail.com> wrote:
Hi David,
I meant to that it might be good to avoid misconception of "IDN only issue". (unfortunately I downloaded it and read)
The Report itself does not have anything about latin script issues.
P.s: they even failed to check which TLD are using Cyrillic Russian script (done easily via IANA script page https://www.iana.org/domains/idn-tables <https://www.iana.org/domains/idn-tables> ) for example did not mentioned (and most probably did not review) .москва(.xn--80adxhks) with 15k domains, but mentioned .дети(xn--d1acj3b) with <1.5k
P.P.s: reviews which see wiki as a creditable source of information are ... entertaining
Sincerely Yours,
Maxim Alzoba Special projects manager, International Relations Department, FAITID
m. +7 916 6761580(+whatsapp) skype oldfrogger
Current UTC offset: -5 (Panama)
On 27 Jun 2018, at 11:15, David Conrad <david.conrad@icann.org <mailto:david.conrad@icann.org>> wrote:
Hi Maxim,
You mean you want me to actually read the paper instead of just the executive summary? :)
(A bit buried right now during the ICANN meeting)
Regards, -drc
On Jun 27, 2018, at 11:02 AM, Maxim Alzoba <m.alzoba@gmail.com <mailto:m.alzoba@gmail.com>> wrote:
Hello David,
Were pairs like 1 and l , 0 and o in latin script analyzed? (it might give better perception of what it going on and if the confusion is limited to IDNs or is it a general issue)
Sincerely Yours,
Maxim Alzoba Special projects manager, International Relations Department, FAITID
m. +7 916 6761580(+whatsapp) skype oldfrogger
Current UTC offset: -5.00 (Panama)
On 27 Jun 2018, at 10:56, David Conrad <david.conrad@icann.org <mailto:david.conrad@icann.org>> wrote:
I suspect that might be triggered by:
https://info.farsightsecurity.com/farsight-idn-research-report?utm_source=ne... <https://info.farsightsecurity.com/farsight-idn-research-report?utm_source=ne...>
From the executive summary:
Among the key findings:
100M total IDN resolutions observed; 27M unique fully qualified domain names (FQDNs)
8,000 IDN homographs representing or containing a top global brand name
Unicode “confusables” make up a significant percentage of the characters found in IDNs; 91% of all characters observed in IDN homographs are considered “confusable” -- a “confusable” is a Unicode code point that is often easily confused with other characters, ligatures, and/or digraphs.
Brands in banking and other related sectors are frequently imitated using IDN homographs with ~750 unique FQDNs observed per month
91% of IDN homographs offered some sort of webpage
We found clear violations of the ICANN Guidelines for the Implementation of Internationalized Domain Names
66% of all IDN homograph IP addresses were found to be geolocated in the United States
93% of IDN homograph FQDNs had IPv4-based address records
Regards, -drc
On Jun 27, 2018, at 10:27 AM, Andrew Sullivan <ajs@anvilwalrusden.com <mailto:ajs@anvilwalrusden.com>> wrote:
I see, via Slashdot, that the BBC is once again promoting this problem:
https://it.slashdot.org/story/18/06/26/2031212/scammers-abuse-multilingual-d... <https://it.slashdot.org/story/18/06/26/2031212/scammers-abuse-multilingual-d...>
A -- Andrew Sullivan ajs@anvilwalrusden.com <mailto:ajs@anvilwalrusden.com>