Re: [I18nrp] Conservatism principle doesn't go far enough

["John Levine" <johnl@taugh.com>]

In article <A0F4590C3A54B244C34226F8@PSB> you write:
>--On Thursday, January 31, 2019 16:17 -0800 Larry Masinter
><LMM@acm.org> wrote:
>
>> https://chromium.googlesource.com/chromium/src/+/master/docs/s
>> ecurity/url_di splay_guidelines/url_display_guidelines.md
>
>> is interesting; one wouldn't want to register a domain which a
>> popular browser / OS won't display.

I am reasonbly sure that and domain you could register today in an
ICANN contracted TLD would be OK with Chrome.  You can put non-OK
subdomains under an OK 2LD, but I can't see what registries or
registrars can do about that, particularly when they're not hosting
the domains' DNS.

>deliberately), but the specification is quite clear.  And yet,
>surveys in ICANN-land have have shown SLD registrations for many
>such labels.

Funny you should mention that.  I went through and looked at all of
the IDNs in every contracted TLD zone file.  There's about 2 million,
half in .COM, half in other TLDs.  I checked for IDNA2003 and 2008
compliance, and I also parsed the per-TLD script rules at IANA and
checked whether the names match the rules.

I was pleasntly surprised to find that over 99% of the names are valid
under IDNA2008 and match one of the script rules for the TLD.  Of the
maybe 5000 that aren't, the biggest single group are ancient names in
.COM and .NET registered a decade or longer ago before there were
script rules, and that contain stupid stuff like currency symbols and
other punctuation.  I did some spot checks and could not find any that
were in use other than maybe pointing to a parked or for-sale web
page, so really, who cares?

Some of the new TLDs are just lazy.  They have to tell ICANN what
scripts they'll allow, and send the script rules to IANA.  Most do,
it's not hard, but a few can't be bothered. I found some TLDs with
names in scripts not on their list (Chinese mostly), and some with
scripts on their lists but not at IANA.  Nearly all of the rogue
Chinese names would be fine if the TLDs published the same Chinese
script tables as other gTLDs, so they seem lazy, not malicious, at
least in their choice of names.  ICANN agrees these are compliance
issues and I'm arranging to give them a feed of violators.

The ccTLDs of countries big enough to matter seem OK.  I can't get
many zone files but of the few I can get, .US has no IDNs, .se and .nu
(managed by .se) are squeaky clean, and a few small African countries
that allow public AXFR have no IDNs in their tiny zones.

There are a few bad actors like .WS and .LA who have sold their TLDs
to speculators whose registration rules primarily involve checking
that the charge went through.  There are emoji 2LDs in .la and .ws,
but given how few names there are in those TLDs that anyone cares
about, overblocking would be appropriate.

I'll be giving a talk on Two Million IDNs and What I Found at ICANN
Tech Day in Kobe in March.

R's,
John
-- 
Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly