IDNA and U+08A1 and related cases (was: Re: Barry Leiba's Discuss on draft-ietf-json-i-json-05: (with DISCUSS and COMMENT))

Nico Williams nico at
Tue Jan 27 01:50:20 CET 2015

On Mon, Jan 26, 2015 at 06:45:24PM -0600, Nico Williams wrote:
> On Mon, Jan 26, 2015 at 06:08:40PM -0500, John C Klensin wrote:
> > While I'm certainly in favor of shaming evildoers, keep two
> > things in mind.  First, while the number of distinct registry
> > operators is much smaller, the number of TLDs may soon exceed
> > the number of active CAs.  The total number of zones and zone
> > administrators probably deserves terms like "astronomical".
> Meh.  There may be many new TLDs, but they are looking rather empty and
> insignificant.  We'll see how it goes for them, but I'm betting on
> 'badly'.  In any case: it doesn't matter.  What matters isn't how many
> of these there are, but that the number of unconstrained CAs be low
> (which DNS achieves, while the WebPKI does not).

As a corollary: more competition by [constrained] TLDs is good because
if -say- com. allows too many embarrassing confusable domains to be
registered, leading to noticeable and noticed phishing attacks, then
perhaps more [new] business will move off it and onto new TLDs.

I'm not concerned with this.

I'm concerned with making sure that registries have the tools they need
to detect and prevent confusable domain registrations [by different
owners], and that would-be registrants have the tools they need to
determine the confusable risk of their would-be domainnames.  As to
this, is UTR#39 enough, yes or no?


More information about the Idna-update mailing list