<div dir="ltr"><div class="gmail_extra"><font face="times new roman, serif"><br></font><div class="gmail_quote"><font face="times new roman, serif">On Sun, Aug 10, 2014 at 4:22 PM, Andrew Sullivan <span dir="ltr"><<a href="mailto:ajs@anvilwalrusden.com" target="_blank">ajs@anvilwalrusden.com</a>></span> wrote:<br>
</font><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div style="overflow:hidden"><font face="times new roman, serif">No, the problem here is that we have discovered rather late in the<br>
game that the thing NFC is for _is not_ what we thought it was.</font></div></blockquote></div><font face="times new roman, serif"><br></font><div class="gmail_default"><font face="times new roman, serif">No knowledgeable person ever represented that NFKC would remove all confusable characters. It clearly does not and cannot, since "paypal" and "paypa1" are confusable, and just involve ASCII characters. Starting in 2005, Unicode has made <a href="http://unicode.org/reports/tr36" target="_blank">unicode.org/reports/tr36</a> and <a href="http://unicode.org/reports/tr39" target="_blank">unicode.org/reports/tr39</a> available (and pointed people to them from this list). Those have long detailed many of the issues involved in confusability. </font></div>
<div class="gmail_default"><font face="times new roman, serif"><br></font></div><div class="gmail_default"><font face="times new roman, serif">The people promoting the IDNA2010 approach have long known that it wouldn't solve the confusability issue.</font></div>
<div class="gmail_default"><font face="times new roman, serif"><br></font></div><div class="gmail_default"><font face="times new roman, serif">For example, on Mon, Dec 22, 2008 at 8:03 AM, John C Klensin <span dir="ltr"><<a href="mailto:klensin@jck.com" target="_blank">klensin@jck.com</a>></span> wrote:</font></div>
<div class="gmail_default"><font face="times new roman, serif">...<br></font><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<font face="times new roman, serif"><span style="color:rgb(0,0,0)">(i) What is, and is not, look-alike, is a very subjective</span><br style="color:rgb(0,0,0)"><span style="color:rgb(0,0,0)">business. </span></font></blockquote>
<div><font face="times new roman, serif">... </font></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div id=":2nq" class="" style="overflow:hidden"><font face="times new roman, serif">The bottom line is that we've concluded that character<br>combinations that are specifically phishing issues should be<br>dealt with by registries, who presumably know what they are<br>
doing with scripts they choose to support, and by application<br>implementers who can warn people against hazardous combinations<br>(and potentially against registries who persistently permit<br>registration of strings that have no real value other than to<br>
create phishing opportunities. </font></div></blockquote><div><font face="times new roman, serif">... </font></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<font face="times new roman, serif"><span style="color:rgb(0,0,0)">These decisions were the result of explicit (and quite lengthy)</span><br style="color:rgb(0,0,0)"><span style="color:rgb(0,0,0)">discussion, not an "oversight".</span></font></blockquote>
</div><font face="times new roman, serif"><br clear="all"></font><div><div dir="ltr"><font face="'times new roman', serif"><div style="margin:0px;background-color:transparent"><div></div></div><div style="margin:0px;background-color:transparent">
<br></div><div style="margin:0px;background-color:transparent">
<a href="https://google.com/+MarkDavis" target="_blank">Mark</a></div><div style="margin:0px;background-color:transparent"><i><br></i></div><div style="margin:0px;background-color:transparent"><i>— Il meglio è l’inimico del bene —</i></div>
</font><div><div><font face="'times new roman', serif"><i><span style="font-style:normal"><i></i></span><i></i></i></font></div></div></div></div>
</div></div>