sharp s (Eszett)

Vint Cerf vint at google.com
Sun Mar 9 16:27:06 CET 2008


Stephane,

you may discard the theory that ICANN is behind the IDNAbis effort.  
The work arose as a consequence of experiences and problems with  
IDNA2003 which ICANN did its best to implement. The initiative arose  
out of IETF contributors' efforts to improve the specifications and  
to reduce various kinds of confusion and potential abuse.

vint

On Mar 9, 2008, at 9:49 AM, Stephane Bortzmeyer wrote:

> On Sun, Mar 09, 2008 at 11:19:27AM +0900,
>  Martin Duerst <duerst at it.aoyama.ac.jp> wrote
>  a message of 43 lines which said:
>
>>> In particular, that leaves a hole if someone creates a funky
>>> A-label that could not have been formed via the U-label process. I
>>> think that hole that needs to be plugged,
>>
>> Why? Whom are we trying to protect, against what?
>
> Indeed. There really seems to be a hidden agenda (coming from ICANN?)
> behind the IDNAbis project.
>
> All the studies on phishing have shown that almost no user takes into
> account the domain name in its credibility assessment algorithm,
> relying instead on the look of the page. So, trying to address the
> phishing problem through homographs is a bad start.
>
> As a TLD, we receive a lot of a phishing reports for domains ending in
> ".fr". It is extremely rare that the phisher makes an attempt, even a
> small one, to have a realistic domain name. We see domain names which
> are obviously completely unrelated to the target (and the phishing
> still works) or domain names which are related to the target but that
> no homograph policy could have prevented (such as
> paypal-secure.example for paypal.example or ebay.myowndomain.example
> for ebay.example).
>
> IDN spoofing is a nice subject for hackers but it is not widely used
> in the real world. Not enough to justify to change the IDN standard.
>
>
> _______________________________________________
> Idna-update mailing list
> Idna-update at alvestrand.no
> http://www.alvestrand.no/mailman/listinfo/idna-update



More information about the Idna-update mailing list