AD3.2 refers. The stated threat is not explicitly covered. The introduction of a "current threat" opens up the wider aspects of dealing with all current threats, which is how it is treated in this review. There is a practice (not policy yet) of issuing Punycode certificates only to members who have code-signing status (which is 100 points, but it itself is not defined in policy). The particular issue of IDN spoofing is covered by the policy statement CPS3.2 that IDNs are only available to Assurers.