Not really
We are now ready for НSВС - this is by the way Cyrillic "N", Latin "S", Cyrillic "V", Cyrillic "S".
Isn't it just lovely? Every phisher's lucid dream coming true...
The Internet Corporation for Assigned Names and Numbers (ICANN) has finally shown the green light to the first ever generic Top Level Domains (gTLDs), and they’re all international strings written in Arabic, Russian and Chinese. The road to gTLD approval has been a long and tortuous one for many in the industry, but at least …
@ AC 06:59 - you do know there's countries other than your own, right? And that some people in those countries not only speak, but also type, in languages other than your own? Are you one of those 70% of Americans who doesn't own a passport by any chance?
Oh right, you're joking. Right? Good.
This doesn't diffuse the phishing potential pointed out above, but "my keyboard can't do it" isn't a valid argument.
"Should force them to stick to standard A-Z and reasonable variants thereof"
Well ignore the ignorant crap of dropping about half the world populations way of writing, define variations?
Are circumflex's ok? If so are we talking Latin style or greek?
What about cedilla's?
How about umlauts?
All these use countries use a "normal" A - Z (even A-Z is not standard), so feel free to which extent we exlude people?
Now may I direct you to Yahoo comments, they seem to have your level of world experience.
Actually, there's several methods for handling that out there already. Punycode has been mentioned in the comments here, there's idnccd and some more. Alternatively, a browser could have a configuration where it changes the background color behind non-ASCII characters to some configurable color. If you're worried about such attacks, you set that color to bright red or something loud like that and your HSBC will stand out like a sore thumb.
You could make that fully general by allowing assignment of colors to arbitrary Unicode ranges.
This post has been deleted by its author
"Icann explained its reasoning behind approving non-Latin script domains with following:
"You’ll note that we've been getting a bollocking in the media and from technical types about the way we seem to have been focussing on making money from the English-orientated world rather than making the internet accessible to the to those for whom the Latin script is not native. So to counter our critics we have taken steps to introduce Cyrillic and Chinese characters among others. We intend to make more top level domains available in the near future - once we have figured out the Cyrillic for .XXX and Chinese for .shop"
"
There fixed that for you.
"Icann explained its reasoning behind approving non-Latin script domains with following:
We can make more money this way. That's important because our reason to exist, and get paid, went out the window years ago, so we need to keep dreaming up new things to do regardless of how stupid they might be because we're unlikely to get new jobs at our age and with our track record of, well, stupid ideas."
Unicode includes combining characters (eg. put an acute accent on any other character). However, there are single character representations of the most common ones. Is there a plan on how to normalize this in URLs? Will á (u0225) be treated differently than á (a + u0301)?
http://en.wikipedia.org/wiki/Unicode_equivalence
Then there's the whole issue of full-width vs half-width characters. Phishers dream, indeed.