sharp s (Eszett)

Vint Cerf vint at
Sun Mar 9 16:27:06 CET 2008


you may discard the theory that ICANN is behind the IDNAbis effort.  
The work arose as a consequence of experiences and problems with  
IDNA2003 which ICANN did its best to implement. The initiative arose  
out of IETF contributors' efforts to improve the specifications and  
to reduce various kinds of confusion and potential abuse.


On Mar 9, 2008, at 9:49 AM, Stephane Bortzmeyer wrote:

> On Sun, Mar 09, 2008 at 11:19:27AM +0900,
>  Martin Duerst <duerst at> wrote
>  a message of 43 lines which said:
>>> In particular, that leaves a hole if someone creates a funky
>>> A-label that could not have been formed via the U-label process. I
>>> think that hole that needs to be plugged,
>> Why? Whom are we trying to protect, against what?
> Indeed. There really seems to be a hidden agenda (coming from ICANN?)
> behind the IDNAbis project.
> All the studies on phishing have shown that almost no user takes into
> account the domain name in its credibility assessment algorithm,
> relying instead on the look of the page. So, trying to address the
> phishing problem through homographs is a bad start.
> As a TLD, we receive a lot of a phishing reports for domains ending in
> ".fr". It is extremely rare that the phisher makes an attempt, even a
> small one, to have a realistic domain name. We see domain names which
> are obviously completely unrelated to the target (and the phishing
> still works) or domain names which are related to the target but that
> no homograph policy could have prevented (such as
> paypal-secure.example for paypal.example or ebay.myowndomain.example
> for ebay.example).
> IDN spoofing is a nice subject for hackers but it is not widely used
> in the real world. Not enough to justify to change the IDN standard.
> _______________________________________________
> Idna-update mailing list
> Idna-update at

More information about the Idna-update mailing list