Brian Krebs writes on how browsers choose to display IDN. The issue here is of course spoofing valid URLs with visually similar letters. You probably would notice the lame attempt in the department line but some of the international characters are very similar or indeed identical. Depending on your personal preferences it might be a good idea to use punycode instead. Could save you a headache later.
https://krebsonsecurity.com/2018/03/look-alike-domains-and-visual-confusion/
Here are some of the applicable RFCs:
(Score: 2) by driverless on Sunday March 11 2018, @10:50PM (2 children)
I've always felt that punycode should be called wtfcode, because, WTF? It has exactly the problem you mention, is incredibly complex to process, the code to do so is probably prone to all sorts of vulns because of its complexity, and all it's doing is taking something that's a problem and turning it into an even worse problem.
(Score: 3, Touché) by coolgopher on Monday March 12 2018, @01:02AM (1 child)
Sounds like its true name then is XML... ;)
(Score: 0) by Anonymous Coward on Monday March 12 2018, @04:01AM
XML is like violence...