Yes, I agree with Nigel's proposal. Thank you. Kind regards, AbdallaOn May 8, 2018 7:28 AM, Nigel Roberts <nigel@channelisles.net> wrote:
I suggest this request is placed on the agenda of the next call and that we
(a) note it formally (b) briefly discus the request itself (not a dicussion in the topic, which as we saw in AD has many implications)
Does that seem reasonable?
On 05/08/2018 08:15 AM, Katrina Sataki wrote:
FYI
*From:*Cathy Petersen [mailto:cathy.petersen@icann.org] *Sent:* Tuesday, May 08, 2018 3:39 AM *To:* Katrina Sataki <katrina@nic.lv> *Cc:* David Conrad <david.conrad@icann.org> *Subject:* Discouraging the Use of Emoji in Domain Names
/Sent by Cathy Petersen on behalf of David Conrad:/
30 April 2018
RE: Discouraging the use of emoji in domain names by ccTLDs for end user security
Ms. Katrina Sataki
Chair, Country Code Names Supporting Organization
Dear Ms. Sataki,
Lately, there has been increasing interest in the use of emoji in domain names, with some country code Top Level Domain operators (ccTLDs) allowing domain names with emoji to be newly registered at the second level.
The ICANN Security and Stability Advisory Committee (SSAC) studied the use of emoji in the domain name system and issued an advisory (SAC095 <https://www.icann.org/en/system/files/files/sac-095-en.pdf>) highlighting various associated risks. SSAC has identified at least three significant factors that may cause confusion in the use of emoji, making them a security risk and thus, unsuitable for use in domain names:
1.Many emoji are visually similar and can be difficult to distinguish, especially when displayed in smaller fonts or by different applications, as no standard specifies exactly how they should be displayed
2.
3.Some emoji can be “glued” together using a special joining character allowing them to be displayed as a single symbol by some systems. This creates the following two ways in which confusion can occur
a.To a user, a single unmodified emoji might look exactly the same as its “glued together” counterpart; and
b.For the systems that do not support emoji composition with the joiner character, they would display the individual components of a “glued together” emoji as a sequence of separate emoji, which may visually be very different from what was intended
4.The ability to apply different colors to some emoji by appending one of five skin tone modifiers for an anthropomorphic emoji is highly sensitive to user interpretation
Such confusability creates significant issues and concerns in the use of domain name system. As has been noted in an earlier SSAC report (SAC060 <https://www.icann.org/en/system/files/files/sac-060-en.pdf>), confusion in domain names can lead to denial of service or, worse, misconnection. Such confusion exposes domain names for phishing and other social engineering attacks, leading to security problems for end users (SAC089 <https://www.icann.org/en/system/files/files/sac-089-en.pdf>).
Noting these risks, the ICANN Board has resolved <https://www.icann.org/resources/board-material/resolutions-2017-11-02-en#1.e>that “that the Country Code Names Supporting Organization (ccNSO) ... inform their respective communities about these risks.”
We would respectfully request the Country Code Names Supporting Organization help by publicly reaching out to all ccTLDs, and specifically to the ccTLDs offering emoji domains,
to inform them about the end-user and systemic security risks in offering the emoji in domain names, and to discourage them from this practice to improve domain name system security for all users.
We thank the ccNSO in advance for considering this matter and l