Verisign’s IDN gTLDs “could increase phishing” say Asian registries

Kevin Murphy, November 30, 2012, 21:46:23 (UTC), Domain Policy

It’s a bad day for Verisign.

As the company pins its growth hopes partially on its applications for IDN gTLDs — in the wake of losing its price-raising powers over .com — ccTLD registries from Asia-Pacific have raised serious concerns about its bids.

The Asia Pacific Top Level Domain Association says that many of its members reckon the proposed IDN transliterations of .com “could give rise to an increased risk of phishing and other malicious abuses”.

Verisign has applied for a dozen transliterations of .com and .net in scripts such as Hebrew, Cyrillic and Arabic. The strings themselves are meaningless, but they sound like “com” and “net”.

It’s for this reason that APTLD reckons they could cause problems. In an October 1 letter to ICANN, published today, the organization said:

In addition to the potential for user confusion, some [Working Group] members also noted that the creation of transliterated TLDs, without the development of adequate registration and eligibility polices and procedures, could give rise to an increased risk of phishing and other malicious abuses of the new spaces.

The WG notes that this potential problem manifests itself at the second level, and is not unique to tranlisterated TLDs, but would argue that the very nature of these TLDs, and their close similarity to existing TLDs, makes them particularly high-risk targets.

The letter does not single out Verisign, and does not represent a consensus APTLD view.

There are also worries among APTLD members about the application for .thai in Latin script, which could clash with Thailand’s IDN ccTLD, and various translations of “.site”.

APTLD notes that the new gTLD evaluation process only contains checks for visual similarity between TLDs.

The only way to block an application based on phonetic confusion is to file a String Confusion Objection, but the only entity eligible to object to Verisign’s applications is Verisign itself.

Tagged: , , , , ,

Comments (9)

  1. M says:

    If i understand verisign’s plans for these .com transliterations it is not clear how they can cause confusion.

    From Chuck Gomes, Verisign VP of Policy and Compliance:

    “Let me use our own plans for IDN versions of .com and .net as an
    example.

    Our current plans that we have communicated to our customers
    and others is as follows:

    Second level registrants for any .com or .net domain names will have the
    right to activate their second-level name for any IDN versions of the
    corresponding .com or .net name and no one else will be allowed to do
    that.

    All second level registrations for IDN versions of .com or .net will be
    associated with their corresponding ASCII .com or .net as applicable.

    In essence, the result will be that all active second level domain names
    for .com or .net (ASCII or IDN) will have the same registrant.

    For any
    that are not activated, they will be unavailable to others.

    I don’t think there should be any user confusion in the DNS in this
    approach.

    Do you?

  2. Steve says:

    Sweet! some idn owners have been waiting for this for over 10 years. Nice to see it is confirmed. Now hopefully they won’t charge to activate the idn version of .com or .net or at least let you use the one you prefer and leave the other dormant or forward it to the active version. There will be lots of champagne bottles popping when these go live next year.

  3. lee hodgson says:

    “The strings themselves are meaningless, but they sound like “com” and “net”.”

    I have to take issue with that. Its totally wrong that the strings are “meaningless”. In Thai, its .คอม – which is totally meaningful. It is searched more often by Thais than “.com” when searching for domain names in Google, and it means “computer”. Its probably more meaningful than “.com” is to westerners, and many many Thai websites already have “.คอม” in their logo.

    Yes, VeriSign has chosen to go with transliterations, but to jump from that to saying these transliterations have no native meaning is just plain wrong, sorry.

  4. Gary says:

    APTLD members are right, there is serious risk of phishing, BUT only if IDN.com and IDN.[transliteration of com] were registered to different people, but that is not the plan; Verisign plan to alias the new to the old.

  5. rima says:

    CNNIC allowed there to be different owners for

    green.china (ascii.ascii)
    and green.中国 (ascii.idn)
    and 绿色.cn (idn.ascii)
    nd 绿色.中国 (idn.idn)

    So no need to give existing registrants any priority!
    Verisgn can and should make money and no need to give it to existing idn.com owners
    So we new IDN fans, can get a chance to :-)

  6. ray says:

    CNNIC allowed there to be different owners for

    green.china (ascii.ascii)
    and green.中国 (ascii.idn)
    and 绿色.cn (idn.ascii)
    nd 绿色.中国 (idn.idn)

    So no need to give existing registrants any priority!
    Verisgn can and should make money and no need to give it to existing idn.com owners
    So we new IDN fans, can get a chance to :-)

  7. Steve says:

    绿色.中国
    绿色.中國
    綠色.中国
    綠色.中國
    xn--ip0Aq4E.xn--fiQs8S
    xn--ip0Aq4E.xn--fiQz9S
    xn--hf0As2H.xn--fiQs8S
    xn--hf0As2H.xn--fiQz9S

    绿色.cn
    綠色.cn
    xn--ip0Aq4E.cn
    xn--hf0As2H.cn

    All the same registrant.

Add Your Comment