Dave Crocker wrote:
After extensive analysis and discussion, the Mozilla community and Opera have already produced a fix for this, based on only displaying Unicode
IDN labels where the registry publishes and enforces well-defined anti-homograph policies, and displaying the Punycode equivalent
...snip...
3. How does this apply to subordinate domains that might or might not enforce "acceptable" policies, given that no all policy-making is at the TLD level?
It assumes that organization-level delegation of names is enforced by the TLD registry for all domains that it issues domains in. The assumption is made that operators and users of websites and other services have to place their trust in the chain of organizations delegating the DNS for their domain, and in particular, the one that registered the domain with the TLD registry. This reflects common practice, in which most services involving any significant value or risk are generally operated from their own domains in order to reduce the number of third parties to be trusted as far as possible. -- Neil