I still think that supporting Unicode in domain names is asking for trouble. Don't believe me? Just wait until a few thousand people get suckered into giving their credit card information to "amazοn.com". That's amazοn with a lower-case omicron, not an O. A workaround for this, used by Safari and probably others, is for the browser to only display the ASCII-encoded versions of the URLs -- in this case, "xn--amazn-uce.com" -- but that defeats the purpose of having Unicode in your DNS in the first place.
I was going to say something precisely to this effect, but you already hit the nail on the head. Given enough time, the odds of something like that happen will approach 1; and, suspecting how people that create frauds work, this won't take long to happen, either.
Looks like it's going to become more important than ever to not only check for the " https:// " but also click on it to be sure it's from the source you trust. --- until Verisign is replaced with the unicode look-alike to itself.
> I frequently get asked how and where I registered a non-ASCII domain name. Many — probably most, in fact — domain name registrars don’t support IDN. I used Dynadot to register mine, and consider myself a satisfied customer.
Bizarrely all the registrars I checked seem to have a separate search portal for IDN, and don't even let you search for the punycode version using their normal tools.
6 comments
[ 3.4 ms ] story [ 12.1 ms ] threadLooks like it's going to become more important than ever to not only check for the " https:// " but also click on it to be sure it's from the source you trust. --- until Verisign is replaced with the unicode look-alike to itself.
Bizarrely all the registrars I checked seem to have a separate search portal for IDN, and don't even let you search for the punycode version using their normal tools.