Oh frabjous joy
This is going to be great... for scammers. IDN bases off of unicode, and unicode, that one million and a bit collection of characters and other typographic artifacts, not all of them defined (yet), is not really suited to _unambiguous_ representation. You may have an A now, quite distinct from the other allowable signs (though 1 and l and I and 0 and O regularly pose problems already), then you'll have a varieties of A with or without accent, or just funny looking. As to accents, you have characters-with-accent (one code point) or you can have the same as character (one code point) and accent (another code point). Or maybe you try character-with-accent (one code point) with that same accent (another code point). Or you pick another character that looks an awful lot like this one, but is from another language. And then you re-start the accenting game again. Or you mix in zero width spaces, or whatever else you can come up with. Only a million-and-a-few choices. Did I say not really suited to unambiguous representation? I ment really not suited to unambiguous representation of domain names.
Now, the ICANN bois know this, so there are Rules what is allowable and what is not. But the problem is that they have a big space of possible abuse and the rules punch out a few attack vectors. Did they really think of all possible attack vectors? I think not.
Thus, frabjous joy ahead.