Unicode 7.0.0, (combining) Hamza Above, and normalization
Shawn.Steele at microsoft.com
Wed Aug 6 19:24:36 CEST 2014
> that is not the argument mark - it has to do with different encodings of what looks like > the same thing - that can be exploited by phishing, for example.
That's how I read Mark's statement. The problem statement here focuses on 1 character when rnicrosoft.com (in ASCII) can achieve similar effect. Or microsoft.unsafe.com or trustme.com/microsoft - or just ignoring what the link says, or my bank sending me stuff that takes me to a abcprocessing.com site, which trains me that legitimate stuff can go to a 3rd party site.
More information about the Idna-update