I don't know of any other IEEE/NANOG/IETF/ICANN-sanctioned method to
completely confuse even a savvy IT user who is trying to determine the
validity of an SSL site.
There are dozens of ways we know of, and probably more that lie
undiscovered,
to exploit vulnerabilities in DNS, browsers, and in human nature to
conduct
phishing.
Sure, there are bugs and hacks. The existence of such does not justify
approving new measures (in this case, a glaring security hole) as a
global standard. In fact, quite the opposite: folks are generally trying
to fix such problems, not push them forward in public policy agenda.
It's clear that no one intended for the side effect of a complete
meltdown in the user layer of SSL (where the only thing you can do is
double-check the URL in your browser and verify there's a padlock icon
in your status bar), but the side effect is there and it's naive to
pretend that fairness to non-English folks or globalization justifies a
hole this large. Certainly, the vulnerability is just as much a problem
for the targeted benefactors of this change.
-Jason