Return-Path: Received: from eikenes.alvestrand.no ([unix socket]) by eikenes.alvestrand.no (Cyrus v2.1.11-Mandrake-RPM-2.1.11-1mdk) with LMTP; Tue, 22 Feb 2005 20:16:19 +0100 X-Sieve: CMU Sieve 2.2 Return-Path: Received: from localhost (localhost.localdomain [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 1061261BD5 for ; Tue, 22 Feb 2005 20:16:19 +0100 (CET) Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 32056-06 for ; Tue, 22 Feb 2005 20:16:17 +0100 (CET) Received: from psg.com (psg.com [147.28.0.62]) by eikenes.alvestrand.no (Postfix) with ESMTP id 868F261AD4 for ; Tue, 22 Feb 2005 20:16:17 +0100 (CET) Received: from majordom by psg.com with local (Exim 4.44 (FreeBSD)) id 1D3fVP-000BvA-0K for idn-data@psg.com; Tue, 22 Feb 2005 19:15:35 +0000 Received: from [63.247.74.122] (helo=montage.altserver.com) by psg.com with esmtp (Exim 4.44 (FreeBSD)) id 1D3fVM-000Buw-ND for idn@ops.ietf.org; Tue, 22 Feb 2005 19:15:32 +0000 Received: from if12m4-235.d2.club-internet.fr ([212.195.66.235] helo=jfc.afrac.org) by montage.altserver.com with esmtpa (Exim 4.44) id 1D3fVJ-00068b-SR; Tue, 22 Feb 2005 11:15:30 -0800 Message-Id: <6.1.2.0.2.20050222163109.02e51db0@mail.jefsey.com> X-Sender: jefsey+jefsey.com@mail.jefsey.com X-Mailer: QUALCOMM Windows Eudora Version 6.1.2.0 Date: Tue, 22 Feb 2005 16:58:37 +0100 To: Stephane Bortzmeyer , Erik van der Poel From: "JFC (Jefsey) Morfin" Subject: Re: [idn] Re: nameprep, IDN spoofing and the registries Cc: idn@ops.ietf.org In-Reply-To: <20050222132656.GA13173@nic.fr> References: <421A3E9C.5020204@vanderpoel.org> <421AC08F.2030207@vanderpoel.org> <20050222132656.GA13173@nic.fr> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - montage.altserver.com X-AntiAbuse: Original Domain - ops.ietf.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - jefsey.com X-Source: X-Source-Args: X-Source-Dir: Sender: owner-idn@ops.ietf.org Precedence: bulk X-Virus-Scanned: by amavisd-new at alvestrand.no At 14:26 22/02/2005, Stephane Bortzmeyer wrote: >On Mon, Feb 21, 2005 at 09:18:07PM -0800, > Erik van der Poel wrote > a message of 218 lines which said: > > > As George points out, the registries are going to have to start > > filtering IDN lookalikes, otherwise they will eventually face > > lawsuits from the "big boys" (as George so delightfully puts it). > >Quite the opposite: according to our lawyer, if the process is >completely automatic (no human eyes involved), you can disclaim any >responsability. But if you do screen, you accept a liability if the >screening fails (and it will fail, trying to catch homographs is an >hopeless task). > >I seriously doubt that european registries, which all moved from a >"screen every domain to check if it is legal" model to a "accept >anything" model in the '90s will go back... Full agreement. Now, only for the reasons explained below, I am ready to test and propose several ccTLDs a filtering experimentation. 1. I filter the registered names (against foul names, blocked names) at registration level, before accepting payment. 2. the filtering will therefore be on xn--entries strings. This being accepted: 1. could someone point a "C" source code to carry what has to be carried to filter out the dangerous names? Please help: I have no resource on this. 2. could someone list all the Unicode codes to blacklist that way? 3. could someone point a Perl code to use to enter a IDN and to get it properly punycoded, which could use such a list. My rationale is that I only want to protect my own operations from confusion. I will only extend the description of the non-authorized characters in the terms and conditions. If this works properly I will describe the solution and experience in a for information Draft and a request to the IANA to list a Unicode black list. jfc jfc