Hi Maxim,

To be clear, I wasn’t endorsing the white paper, rather just suggesting it was the trigger for the BBC coverage.

After a brief scan, I do find some of the stats in the white paper interesting but don’t know enough about their methodology to go beyond that.

However, I suspect Farsight Security would be interested in suggestions in improvement for their methodology (after all, it’d mean more potential risks they’d be protecting their customers from).

Regards,
-drc

On Jun 27, 2018, at 12:50 PM, Maxim Alzoba <m.alzoba@gmail.com> wrote:

Hi David, 

I meant to that it might be good to avoid misconception of "IDN only issue".
(unfortunately I downloaded it and read)

The Report itself does not have anything about latin script issues.

 P.s: they even failed to check which TLD are using Cyrillic Russian script (done easily via IANA script page
https://www.iana.org/domains/idn-tables
)
for example did not mentioned (and most probably did not review) .москва(.xn--80adxhks) with 15k domains, 
but mentioned .дети(xn--d1acj3b) with <1.5k

P.P.s: reviews which see wiki as a creditable source of information are ... entertaining



Sincerely Yours,

Maxim Alzoba
Special projects manager,
International Relations Department,
FAITID

m. +7 916 6761580(+whatsapp)
skype oldfrogger

Current UTC offset: -5 (Panama)

On 27 Jun 2018, at 11:15, David Conrad <david.conrad@icann.org> wrote:

Hi Maxim,

You mean you want me to actually read the paper instead of just the executive summary?  :)

(A bit buried right now during the ICANN meeting)

Regards,
-drc

On Jun 27, 2018, at 11:02 AM, Maxim Alzoba <m.alzoba@gmail.com> wrote:

Hello David, 

Were pairs like 1 and l , 0 and o in latin script analyzed?
(it might give better perception of what it going on and if the confusion is limited to IDNs or is it a general issue)

Sincerely Yours,

Maxim Alzoba
Special projects manager,
International Relations Department,
FAITID

m. +7 916 6761580(+whatsapp)
skype oldfrogger

Current UTC offset: -5.00 (Panama)



On 27 Jun 2018, at 10:56, David Conrad <david.conrad@icann.org> wrote:

I suspect that might be triggered by:


 From the executive summary:

Among the key findings:

100M total IDN resolutions observed; 27M unique fully qualified domain names (FQDNs)

8,000 IDN homographs representing or containing a top global brand name

Unicode “confusables” make up a significant percentage of the characters found in IDNs; 91% of all characters observed in IDN homographs are considered “confusable” -- a “confusable” is a Unicode code point that is often easily confused with other characters, ligatures, and/or digraphs.

Brands in banking and other related sectors are frequently imitated using IDN homographs with ~750 unique FQDNs observed per month

91% of IDN homographs offered some sort of webpage

We found clear violations of the ICANN Guidelines for the Implementation of Internationalized Domain Names

66% of all IDN homograph IP addresses were found to be geolocated in the United States 

93% of IDN homograph FQDNs had IPv4-based address records 


Regards,
-drc

On Jun 27, 2018, at 10:27 AM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:

I see, via Slashdot, that the BBC is once again promoting this problem:

https://it.slashdot.org/story/18/06/26/2031212/scammers-abuse-multilingual-domain-names

A
-- 
Andrew Sullivan
ajs@anvilwalrusden.com