headers
Erik van der Poel | 20 Feb 18:25

[Fwd: Re: IDN spoofing]

George gave me permission to forward his email to this list.

Erik
Picon
From: George W Gerrity <g.gerrity <at> gwg-associates.com.au>
Subject: Re: [idn] IDN spoofing
Date: 2005-02-20 01:42:46 GMT
It has been stated quite clearly that the problem of spoofing TLD tags 
should not exist because the authority for a given TLD can (and should) 
accept only one coding for a TLD tag. However, where the TLD tag is a 
country code, second-level TLD tags can (and should) also be unique 
(eg, .co.uk, .net.au). I don't think that has been stated clearly 
before.

For the second-level (or third-level where the top is a country code) 
domain tag, it should be the legal responsibility of the name 
authorities for the domain above to ensure that spoofed names cannot be 
registered (or if registered, all belong to one owner). In the Western 
world, if that is not already the case, then I'm sure that the first 
time a spoof of, say Coca-Cola (or Pepsi — let's be even-handed) is 
registered, then we can be certain that afterwards, the issuing 
authority will never do it again.

In the case of countries whose law systems are still a bit wild and 
wooly (The former Soviet Union?), then I suspect that for the time 
being it will remain ‘Caveat Emptor’. In either case, a domain name 
holder should be able to license all spoofs for free, in order to limit 
its exposure to spoofing, whether or not there is adequate legal 
recourse.

The point I'm making is that while the authorities for .com.au or 
.com.ru may do what they like, we can at least give them advice plus 
some tables that will detect many, if not most, spoofs. In the case 
where the authority allows (for whatever reason) a name with mixed 
orthographies, then clearly the first to apply whose signature is not a 
spoof for an (already well-established) trade-marked name or domain 
name, should get the license, and all other applicants with a similar 
name be refused. The name authority should be protected by the laws of 
the countries in which it operates from being sued for refusing to 
register confusable names.

Thus, our rôle reduces to providing some automatic methods to help the 
authorities deal with the homograph problem, and we can quit discussing 
the question of how to enforce authorities to adopt sensible naming 
conventions: that ultimately belongs to the realm of law and 
regulation.

George
Permalink | Reply |

Gmane