fergie wrote:
> > If nothing else, expanding the TLD space expands the abuse footprint.

Since it does not introduce a new character set (everything is translated to letters, numbers, and hyphens), it really does not break any existing applications. New applications that choose to decode and store will need to track string lengths and not just look for a null terminator since everything becomes binary. Rendering fonts (decoding the Unicode) is not usually an issue.

The only thing it does introduce is more variations for phishers. For example, xn--ctbank-com-k8ab.cn becomes cítíbank-com.cn. However, phishing has always been a problem. Frankly, I don't see it significantly increasing the threat landscape since it does not introduce any new risks.

What I do wonder is if there will be backwards compatibility. Is "xn--hackerfactor.com" the same as "hackerfactor.com" since they have the same translation? Or do I have to register a new domain to prevent direct phishing? I mean, there could be some pretty cool exploits if someone registers xn--bankofamerica.us before the real bankofamerica.us can register it.

As far as I can tell, www.bankofamerica.us really is the bank.

bankofamerica.us has address 171.161.161.173
bankofamerica.us has address 171.159.65.173
bankofamerica.us has address 171.159.193.173
173.161.161.171.in-addr.arpa domain name pointer www.bankofamerica.com.
173.65.159.171.in-addr.arpa domain name pointer www.bankofamerica.com.
173.193.159.171.in-addr.arpa domain name pointer www.bankofamerica.com.

However:

Host xn--bankofamerica.us not found: 3(NXDOMAIN)

Since the "xn--" prefix is just for an encoding, I would hope that it would apply to all existing domains. However, since ICANN does not say that it will, I seriously doubt that it will. Expect more phishing.

Frankly, I have never seen ICANN fast-track any issues without introducing more problems than they were trying to solve. ICANN is a committee without any depth of thought. As I wrote in my blog, ICANN has a hard job, but they go out of their way to make it harder. They take years to enforce their own regulations, send all complaints to competing courts, and after ignoring important topics for years, they will haphazardly create a proposal, open it for comment, and then make a quick policy decision with very little serious thought.

-Neal
--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/
Author of "Introduction to Network Security" (Charles River Media, 2006)
and "Hacking Ubuntu" (Wiley, 2007)
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
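
Added example, not part of the original post: a defender-side check that decodes "xn--" labels such as the xn--ctbank-com-k8ab.cn name quoted above, reports the wire length against the decoded UTF-8 length, and flags names that match a brand only after accents are folded away. The watchlist and the function names are assumptions made for this illustration.

```python
import unicodedata

ACE_PREFIX = "xn--"
# Assumed watchlist for illustration; a real deployment supplies its own.
WATCHLIST = ("citibank", "bankofamerica", "hackerfactor")


def decode_label(label):
    """Return the Unicode form of one DNS label, or None if the ACE form is malformed."""
    lower = label.lower()
    if not lower.startswith(ACE_PREFIX):
        return lower  # ordinary letters/digits/hyphen label: nothing to decode
    try:
        return lower[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    except ValueError:  # UnicodeError subclasses ValueError
        return None


def skeleton(text):
    """Fold accented letters to their base letter (NFKD, then drop combining marks).

    This catches diacritic lookalikes only; cross-script homoglyphs need a
    confusables table, which is outside this example.
    """
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def inspect_host(hostname):
    """Decode a hostname and report lengths plus any watchlist lookalike hits."""
    labels = [decode_label(part) for part in hostname.rstrip(".").split(".")]
    if any(part is None for part in labels):
        return {"host": hostname, "error": "malformed ACE label"}
    unicode_name = ".".join(labels)
    folded = skeleton(unicode_name)
    # A hit means the brand appears only after folding, i.e. it is imitated.
    hits = [w for w in WATCHLIST if w in folded and w not in unicode_name]
    return {
        "host": hostname,
        "unicode": unicode_name,
        "wire_len": len(hostname),                       # bytes as seen in DNS
        "utf8_len": len(unicode_name.encode("utf-8")),   # bytes once decoded and stored
        "lookalike_of": hits,
    }


if __name__ == "__main__":
    # Hostnames taken from the post above.
    for name in ("xn--ctbank-com-k8ab.cn", "bankofamerica.us"):
        print(inspect_host(name))
```
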