From: Peter Kirk (peterkirk@qaya.org)
Date: Tue Feb 22 2005 - 05:01:15 CST
On 22/02/2005 05:18, Erik van der Poel wrote:
> ...
>
> As George points out, the registries are going to have to start
> filtering IDN lookalikes, otherwise they will eventually face lawsuits
> from the "big boys" (as George so delightfully puts it). ...
It seems to me that there is another approach for the registries which
might well work for them with a lot less trouble, and keep the lawyers
off their backs. That would be to disclaim any kind of responsibility
for spoofing, and accept all syntactically permissible IDNs - or perhaps
with restrictions which are nothing to do with anti-spoofing. And I am
sure that in practice at least some registries will try this approach
unless forced to change by courts - changes which might be forced in
the USA but probably not in every legal jurisdiction.
Thus the problem for registries may go away, but not the problem for
spoofed sites and their users. So there is a need for a solution in
other places.
Anyway, spoofing does not always rely only on graphical similarity. I
remember seeing "Panosonic" products on sale in a former Soviet country
a few years ago. The sellers were obviously relying on the superficial
similarity to "Panasonic", and the same spoofing could be just as
effective on the Internet. But no registry would automatically refuse
panosonic.com etc - in fact this domain is for sale, I'm surprised
Panasonic hasn't bought it.
There are also spoofing opportunities with TLDs. Will Russians always
have to type .ru in Latin script, or will the Cyrillic equivalent .ру be
an acceptable alternative? The problem is that the latter looks
identical to .py for Paraguay.
-- Peter Kirk peter@qaya.org (personal) peterkirk@qaya.org (work) http://www.qaya.org/ -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.3.0 - Release Date: 21/02/2005
This archive was generated by hypermail 2.1.5 : Tue Feb 22 2005 - 05:01:48 CST