Erik van der Poel <[EMAIL PROTECTED]> wrote: > How do you propose to shut the phishers out of .com when a popular > IDN plug-in (i-Nav) for the most popular browser (Microsoft Internet > Explorer) is made by *VeriSign*, the very company that controls the > .com registry?
If i-Nav leaves its users exposed to phishing attacks, and the users are bothered by it, then I would expect them to switch to a different IDN plug-in. isc.org released an alpha3 version of such a plug-in a year ago, so maybe that could be whipped into shape quickly. > Besides, in networking, it's better to be conservative. You don't > start with a short blacklist and then grow it when you find others. > No, you start with a whitelist, and grow that. I agree, but in this case, we have already missed the start. If we introduce a whitelist now, after IDN deployment is already well underway, we are effectively punishing an unknown number of innocent early adopters, which seems like a betrayal. If we had forseen this problem, we could have set up the whitelist in the beginning, and registries & registrars would have known to get themselves added to the whitelist before making any promises to their customers. AMC
