Re: [Idna-update] emoji and security

"John Levine" <johnl@taugh.com> Tue, 13 March 2018 20:17 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/idna-update/h8la7-1-Y3moBbOJC_T1i5A7PYI>

In article <20180313093035.fcax6v3zmz3nv34r@nic.fr> you write:
>> there's a general consensus that emoji and secure IDNs do not go
>> together.
>
>Since the IDNA standard does not allow emojis, I'm not sure of the
>point.

Hi from ICANN in San Juan.  You know and I know that emoji domains are
a bad idea for all sorts of reasons.  But there are registries and
registrars that believe they will make big buck$ by selling them.

There have been some presentations on what's permissible and emoji
specifically which the ICANN leadership appears to understand.
Domains like .WS will sell whatever they can sell and there's not much
anyone can do about that.

Amusingly, .WS announced with great fanfare that they'd sell emoji and
managed to screw it up so they missold the same emoji to multiple
people.  We TOLD them they were easy to confuse.

R's,
John