unicode request blocking

Joris L. cache at commandline.be
Sat Apr 22 19:36:56 UTC 2017

Thanks Paul,

Evidently, indeed. If one registers a name it must be protected in any code, ascii, ansi, utf ...

Remains the problem of a man-in-the-middel and self generated certificates with legitimate server names, given the rise of free ssl certificates this may be a legitimate concern. It also suggests the creation and validation of certificates on the client side must be extended to registrars of domain names etc. to warrant safe usage. I've not really put much thought in it since i'm not in a position to make a difference anyway.



Sent from ProtonMail mobile

-------- Original Message --------
On 22 apr. 2017 21:31, Paul Wouters wrote:
On Sat, 22 Apr 2017, Joris L. wrote:

> Thanks Paul, i understand, mostly. I must admit i'm somewhat dumbfounded with
> "The real fix here is that .com needs to come up with proper policies
> regarding mixing scripts and domain bundling, something that the
> newGLTDs did properly. "

See https://archive.icann.org/en/meetings/saopaulo/presentation-IDN-tutorial-03dec06.pdf

> What do you mean with "mixing scripts and domain bundling" ?

Mixing a Cyrillic "c" in a latin alphabet will very hard for humans to
distinguish from a Latin "c", so this must be disallowed, or at the
very least end up at the same Registrant.

For domain bundling, see https://cira.ca/assets/Documents/Legal/IDN/faq.pdf

It means that since I have registered "nohat.ca", no one but me can
register "nohâts.ca". These names come in a "bundle" to the same
Registrant only.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20170422/46ab65bf/attachment.htm>

More information about the Unbound-users mailing list