Re: [idn] IDN spoofing

From: George W Gerrity (g.gerrity@gwg-associates.com.au)
Date: Sat Feb 19 2005 - 19:42:46 CST

Next message: Patrick Andries: "Re: orthographies"

Previous message: Asmus Freytag: "Re: orthographies"
Maybe in reply to: Erik van der Poel: "Re: [idn] IDN spoofing"
Next in thread: William Tan: "Re: [idn] IDN spoofing"
Reply: William Tan: "Re: [idn] IDN spoofing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Mail actions: [ respond to this message ] [ mail a new topic ]

It has been stated quite clearly that the problem of spoofing TLD tags
should not exist because the authority for a given TLD can (and should)
accept only one coding for a TLD tag. However, where the TLD tag is a
country code, second-level TLD tags can (and should) also be unique
(eg, .co.uk, .net.au). I don't think that has been stated clearly
before.

For the second-level (or third-level where the top is a country code)
domain tag, it should be the legal responsibility of the name
authorities for the domain above to ensure that spoofed names cannot be
registered (or if registered, all belong to one owner). In the Western
world, if that is not already the case, then I'm sure that the first
time a spoof of, say Coca-Cola (or Pepsi — let's be even-handed) is
registered, then we can be certain that afterwards, the issuing
authority will never do it again.

In the case of countries whose law systems are still a bit wild and
wooly (The former Soviet Union?), then I suspect that for the time
being it will remain ‘Caveat Emptor’. In either case, a domain name
holder should be able to license all spoofs for free, in order to limit
its exposure to spoofing, whether or not there is adequate legal
recourse.

The point I'm making is that while the authorities for .com.au or
.com.ru may do what they like, we can at least give them advice plus
some tables that will detect many, if not most, spoofs. In the case
where the authority allows (for whatever reason) a name with mixed
orthographies, then clearly the first to apply whose signature is not a
spoof for an (already well-established) trade-marked name or domain
name, should get the license, and all other applicants with a similar
name be refused. The name authority should be protected by the laws of
the countries in which it operates from being sued for refusing to
register confusable names.

Thus, our rôle reduces to providing some automatic methods to help the
authorities deal with the homograph problem, and we can quit discussing
the question of how to enforce authorities to adopt sensible naming
conventions: that ultimately belongs to the realm of law and
regulation.

George

Next message: Patrick Andries: "Re: orthographies"
Previous message: Asmus Freytag: "Re: orthographies"
Maybe in reply to: Erik van der Poel: "Re: [idn] IDN spoofing"
Next in thread: William Tan: "Re: [idn] IDN spoofing"
Reply: William Tan: "Re: [idn] IDN spoofing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.5 : Sat Feb 19 2005 - 19:43:35 CST