

The perils of internationalized domain names - js2
http://daringfireball.net/2010/09/starstruck

======
pjscott
I still think that supporting Unicode in domain names is asking for trouble.
Don't believe me? Just wait until a few thousand people get suckered into
giving their credit card information to "amazοn.com". That's amazοn with a
lower-case omicron, not an O. A workaround for this, used by Safari and
probably others, is for the browser to only display the ASCII-encoded versions
of the URLs -- in this case, "xn--amazn-uce.com" -- but that defeats the
purpose of having Unicode in your DNS in the first place.

~~~
avar
Browsers are already aware and defending against this:
[http://en.wikipedia.org/wiki/IDN_homograph_attack#Defending_...](http://en.wikipedia.org/wiki/IDN_homograph_attack#Defending_against_the_attack)

------
blasdel
_> I frequently get asked how and where I registered a non-ASCII domain name.
Many — probably most, in fact — domain name registrars don’t support IDN. I
used Dynadot to register mine, and consider myself a satisfied customer._

Bizarrely all the registrars I checked seem to have a separate search portal
for IDN, and don't even let you search for the punycode version using their
normal tools.

------
steve19
If you you firefox and want to prevent the possibility of IDN spoofing, you
can turn it off in about:config. Set network.enableIDN to false.

------
borneogamer
I shall await a spoofed google.com with cyrilic o's instead of unicode o's and
cackle with glee when people visit it

