Another Transition Plan Proposal
John C Klensin
klensin at jck.com
Fri Dec 11 07:49:41 CET 2009
--On Friday, December 11, 2009 01:16 +0000 Shawn Steele
<Shawn.Steele at microsoft.com> wrote:
> More seriously, wouldn't not-bundling make it easier on the
> phishers? In a bundling world, if fuss.com is already
> registered, then I'd have a hard time registering fuß.com to
> catch all those users going to fub.com.
Sure. You would have an even harder time registering it -- with
far less complication at the registry-- if IDNs were prohibited
entirely. As soon as you say "well, prohibiting some more
strings would make phishing harder", you are absolutely correct,
but you run into the problem that there would be much less
possibility of phishing with a 37 (or 63 counting case
variations) character repertoire.
And one could prevent even more phishing by deprecating domain
names containing digits 1 and 0 and letter i (and I) --or other
combinations that would accomplish the same thing-- and phasing
out existing registrations containing those characters.
While I hope no one is going to advocate for "no IDNs" as a
counter to phishing, it doesn't automatically follow that one
necessarily needs to impose complex variant bundling procedures
or even prohibitions on strings that might be confused or
conflict with existing registrations.
More information about the Idna-update