ICANN ICANN Email List Archives

[ssac-gnso-irdwg]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ssac-gnso-irdwg] Next Meeting

  • To: Avri Doria <avri@xxxxxxx>
  • Subject: Re: [ssac-gnso-irdwg] Next Meeting
  • From: Dave Piscitello <dave.piscitello@xxxxxxxxx>
  • Date: Wed, 3 Aug 2011 07:47:39 -0700


On Aug 1, 2011, at 12:13 PM, Avri Doria wrote:

> My view, however, is that while it may be ok to list policy issues, that must 
> be done in a neutral and balanced way.  Especially one that does _not_ 
> presume ill-intent and malice on the part of people who register IDN domain 
> names and who may not know a Latin based language or have comprehension of 
> ASCII.  After all what are IDNs for if not for people who have no access to 
> Latin based languages.  

I would characterize any presumption that there is a relationship between the 
inability of a user to submit registration data in a Latin based language and 
an intent to defraud or act in malice as a terrible bias and hence a matter of 
ethics. 

> 
> Additionally I have often been informed that the IPR, in so far as there may 
> be IPR, problem is predominately a LATIN based language problem.  

The global phishing statistic seem to confirm this. See the APWG reports on 
global phishing trends by Rasmussen/Aaron, published twice annually.

> If that is so, I would hope that we could avoid forcing the entire IDN world 
> of domain names to deal with the same forms of universal suspicion and 
> defensive behavior we have been subjected to in ASCII names. 

If I understand this correctly (and I may not), this is perhaps an inevitable 
outcome. All domains and their associated registration records should be 
subjected to the same scrutiny before concluding a domain is trustworthy or 
suspicious. Whether the data we examine is in ASCII or UTF-8 is irrelevant. 

The worry (fear) that someone who needs to examine registration data will be 
unable to do so if the record is not in ASCII is IMO a herring. The web is 
exactly this today: someone can host a phishing page to attack my company and 
unless I am able read the characters from the script the attacker uses, 
*irrespective* of what my native language is, I have to seek outside help to 
understand the phish. How is this different from registration data? 

The fear seems to be more about who is being shifted out of a comfort zone and 
who's zone is being made more comfortable.






<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy