From: Andrew Sullivan <ajs@anvilwalrusden.com> Subject: Re: [UA-discuss] Fw: Re: IDN Implementation Guidelines [RE: Re : And now about phishing...] To: ua-discuss@icann.org Date: Saturday, April 22, 2017, 9:16 AM On Sat, Apr 22, 2017 at 01:32:08PM +0000, nalini.elkins@insidethestack.com wrote>
For example, you may wish to see the following permutations which have already been obtained. (And, it appears not by Apple)
www.applé.com www.xn--appl-epa.com www.xn--appl-epa.com www.applê.com www.xn--appl-jpa.com www.xn--appl-jpa.com www.applė.com www.xn--appl-yva.com www.xn--appl-yva.com www.applę.com www.xn--appl-8va.com www.xn--appl-8va.com
Do you think that those qualify as "homographs"? I suppose they might, as might àpple.com and so on, but these at least don't seem to me to be any different than app1e.com, which we decided long ago was Apple's problem and nobody else's.
I guess so. It is just that because of internationalization, so many more of such permutations are possible. I think it might be useful to have another term for this: Here is an attempt: Homograph: a domain name that has characters that are visually indistinguishable (I am intentionally leaving out the font issues) Resembler: a domain name that can be easily visually confused for another well-known domain
From talking to various organizations, "Resemblers" are very definitely a concern. Whether this should be a policy from ICANN, someone else, or left to independent software vendors ala NaliniResemblerAndHomographFinder (tm), is an interesting question.
This is quite different to the case of true homoglyphs of the sort that Asmus is talking about, where the very same glyph is normally used in two different scripts such that nobody would be able to tell the difference. One maybe could argue that "аррӏе" is pure homoglyphs (0430,0440,0440,04CF, 0435), but I think it's tough to argue for it.
Remember, the IDNA rules are really _quite_restrictive, and if registries also require "same script per label" those restrictions catch an _awful_ lot of corner cases (that was the outcome of the "paypal" controversy some time ago).
If you want to argue that policy should be different, that's fine, but it seems to me to require some PDP within ICANN. Note that ICANN is probably going to propose some rules for variant handling, and combined with the LGR stuff that is working its way through the system we may find an awful lot of stuff is blocked.
One of my guys is working in the LatinGeneration panel if that is what you are talking about. So far, I believe they are at the TLD level.
In any case, I think our purpose is very badly served by conflating these two different kinds of issues.
Sure.