...
The advice concerns the management of internationalized domain name variants. SSAC reviews a variant management mechanism as service with 2 purposes: to enhance security and stability of IDNs that have variants, and to promote an acceptable
experience that meets the user expectations for those IDNs. SSAC calls for a conservative approach in the delegation and management of variant domain names. The advice stated that an IDN and its variants must be treated as a single package from a domain provisioning and life cycle management perspective. Otherwise, users of IDNs that have variants would be susceptible to phishing and other impersonation attacks.
To promote an acceptable experience that meets the user expectations for those IDNs that have variants, variants of an IDN that are in actual use can be delegated. However in defining rules for such delegations, policy makers need to be aware of two very important limitations.
- The first limitation is that there is no protocol solution in DNS to enforce equivalence of variant domains throughout the DNS hierarchy. In addition, there are no protocol solutions for applications such as HTTP, SMTP, or TLS to ensure equivalence of variant domains in their operations.
- The second limitation is that management of variants can introduce a combinatorial explosion at registries, registrars, and registrants. If not handled well, such variants would create operational problems for these entities.
...