On Tue, Mar 30, 2010 at 7:06 AM, Keith Gaughan <[log in to unmask]> wrote:
> On Mon, Mar 29, 2010 at 12:45:43PM -0400, Dana Nutter wrote:
>
>> So one could still commit fraud if the faux domain consists of
>> characters entirely within the same script. Some domains could still
>> be faked entirely within Cyrillic for example. A sequence like "ace"
>> for example could be in either script, and it is possible there could
>> be legit organizations in each realm.
>
> Quite true, but it does lower the area of the attack significantly and
> means that the registry can manually intervene in the case of such
> registrations.

What they are doing now does help, but it's far from a total solution.

>> I think it may be best just to lump homoglyphs together and with each
>> domain registration, include all permutations.
>
> That's a good idea too, so long as the domains with mixed scripts are
> prohibited.

That's just it. If you own all of the permutations of a particular name, then you will own the mixed version too. The hard part though would be setting up your DNS server to accommodate all the possibilities, which really wouldn't be necessary because just owning all those other domains will at least keep them out of malicious hands.
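
The "lump homoglyphs together" idea from this thread, sketched from the registry's side as an added example that is not part of the original e-mail. The Latin/Cyrillic table is a small constructed sample rather than a complete confusables list, and all function names are hypothetical.

```python
import unicodedata

# Constructed sample table (assumption): Cyrillic letter -> Latin look-alike.
CYR_TO_LAT = {
    "\u0430": "a",  # Cyrillic а
    "\u0441": "c",  # Cyrillic с
    "\u0435": "e",  # Cyrillic е
    "\u043e": "o",  # Cyrillic о
    "\u0440": "p",  # Cyrillic р
    "\u0445": "x",  # Cyrillic х
    "\u0443": "y",  # Cyrillic у
}
LAT_WITH_TWIN = set(CYR_TO_LAT.values())


def skeleton(label):
    """Map each homoglyph to one representative so look-alikes compare equal."""
    return "".join(CYR_TO_LAT.get(ch, ch) for ch in label.lower())


def scripts(label):
    """Scripts used in the label, taken from the Unicode character names."""
    return {unicodedata.name(ch).split(" ")[0] for ch in label if ch.isalpha()}


def bundle_size(label):
    """How many visually identical spellings one bundled registration covers."""
    size = 1
    for ch in skeleton(label):
        if ch in LAT_WITH_TWIN:
            size *= 2  # this position can be written in Latin or in Cyrillic
    return size


def conflicts(candidate, registered):
    """Already-registered labels that fall into the candidate's bundle."""
    key = skeleton(candidate)
    return [r for r in registered if r != candidate and skeleton(r) == key]


if __name__ == "__main__":
    cyr_ace = "\u0430\u0441\u0435"  # all-Cyrillic spelling of "ace"
    print(scripts(cyr_ace), conflicts(cyr_ace, ["ace", "acme"]))
    print(bundle_size("ace"), bundle_size("paypal"))  # 8 and 32 spellings
```

Comparing skeletons lets a registry treat every spelling as one registration without creating a DNS zone per permutation, and the all-Cyrillic "ace" case shows why a mixed-script ban alone does not catch every collision.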