IDN in dot net
I would like to raise a few points about IDN policy issues in the context of the dot net evaluation process.
Upon reading Telcordia's evaluation report, two issues that sticks up in my mind are:
a. Virtually no weight has been placed in the IDN category.
b. Verisign's overly optimistic IDN policy has created a bunch of legacy names and will continue to open up the doors for phishing attacks and confusion. One could even argue that it may eventually lead to users losing confidence in IDN.
As you know, Verisign's current IDN implementation allows any names to be registered as long as the registrant submits a language tag for which they do not have a character inclusion table. It is exactly this policy that made it possible for Eric Johanson to register his proof-of-concept domain, paypal.com with a Cyrillic 'a' (http://www.shmoo.com/idn/homograph.txt).
Out of all five applicants, Sentan is the only applicant that suggested to put a stop to this. The proposed plan of action is: grandfather existing names, remove controversial tables, add mature tables, then allow registrations only in languages for which language tables exist. NeuLevel has adopted tables from various currently deployed languages in their respective countries, and have consulted with those registries and language communities. The languages proposed were: Chinese, Japanese, Korean, French, German, Icelandic, Swedish, Norwegian, Danish, Polish, Thai. Each of these languages have been deployed in one or more registries, and the language tables are publicly available either on the IANA language table registry or on the registry sites. Specifically, advice was sought on the deployment of said language tables in a gTLD context, the security implications and how best to be conservative without crippling legitimate use.
I believe that this approach, though conservative, echoes many of the concerns raised by the community in the recent IDN list discussions. Sentan should be applauded for putting cultural respect, compliance and the stability of the Internet over profit.
Apparently, the evaluators missed the point.
At first glance, Verisign does comply with ICANN's IDN guidelines but, really, it is taking advantage of the fact that the guidelines (deliberately or not) omitted many details. They did not violate the clauses of the guidelines, but have in every sense violated its spirit and purpose. Not only did Verisign show any plans to improve the situation in their proposal, they were proud to claim to be the only registry to support all languages and code points.
Is this an example of the community closing one eye on important issues, or a case of negligence on the part of the Telcordia?
Disclaimer: I have worked as a consultant for NeuLevel providing expertise in the area of IDN's however I am no longer affiliated any bidder.