Brad Knowles wrote:
My point was that, if you're going to try to protect the users against homophone/homograph attacks, you need to do it in a standardized way.
Morover, the standards for controlling that need to be held by separate entities from those who are creating the tools which will implement those standards -- witness Microsoft's recent downgrading of Claria/Gator as a malware vendor, simply because they're looking at buying the company.
See Unicode Technical Report 36, rev 3. http://www.unicode.org/reports/tr36/ for a thorough treatment of the issues involved, under the auspices of the vendor-neutral Unicode Consortium. See in particular Appendix B, Confusables Detection, and Appendix F, Country-Specific IDN Restrictions. Finally, I just thought that I should point out that this problem potentially exists in internationalizing _any_ protocol that uses human-readable identifiers, not just DNS. -- Neil ** **