The risks of using "Eszett" or "sharp s" ("ß") in domain names

With the transition from IDNA2003 to IDNA2008, there will be four characters that deviate in how they're handled.  Meaning that when they are used in a domain name, these characters will resolve to a different IP address under the rules of IDNA2003 than they do under the rules of IDNA2008.  On such character is the Latin small letter sharp s – also known as "Eszett" or "sharp s" ("ß") with code point U+00DF.  Registries have been advised to implement bundling and blocking rules that would protect the registrants of domains with the character "ß" in them.  This would mean that an owner of http://straß would also be the guaranteed owner of  However, some registries such as DENIC are not implementing these measures as they move to IDNA2008.

This means that when Alice goes to visit http://straß in her favorite browser that implements IDNA2008 she'll be taken to the domain she expects.  But when she visits the site at her friend's Bob house, using his browser that implements IDNA2003, she'll be taken to which could be a spoofing site.  In a scenario such as online banking this becomes a big deal.  And we can't possibly expect Alice and Bob to be aware of these incompatibilities can we?  Time will tell.