Recently, it was decided that a whitelist was not scalable in the face of hundreds of new TLDs, and that we had to come up with a new approach. We did, based on some suggestions from the Unicode Consortium:
The new criteria are not as strict as the old (for example, they can't spot whole-script homographs (All-Latin "scope.tld" vs all-Cyrillic "ѕсоре.tld"), but are the best we can do programmatically without a manually-maintained whitelist, and without compromising other principles (like "works somewhere => works everywhere").
Up until now, Verisign have not formally applied for inclusion in the TLD whitelist, although preliminary discussions have occurred on more than one occasion. Now, they have applied (for .com, .net and ..name), and their current policies do meet the new criteria: https://bugzilla.mozilla.org/show_bug.cgi?id=770877
However, given that it was a .com domain which started all this fuss, I thought it was worth posting publicly in case anyone had any comments.