NordVPN Promotion

Home / Blogs

Is Bulgarian Cyrillic .?? (.bg) Really Similar to Other Latin ccTLDs?

Bulgaria has proposed for an Internationalized Domain Name (IDN) ccTLD string .?? (Cyrillic for .bg, or U+0431 U+0433), but the proposal was turned down by the ICANN DNS Stability panel in May 2010 without any arguments or an option for appeal.

The proposed string is composed of two characters:

U+0431 CYRILLIC SMALL LETTER BE (?) and
U+0433 CYRILLIC SMALL LETTER GHE (?)

Reading the tables, provided with Unicode Technical Standard #39, I see that confusable characters are only:

0431 ; 0036 ; SL # ( ? → 6 ) CYRILLIC SMALL LETTER BE → DIGIT SIX #</p> <p>0433 ; 0072 ; ML # ( ? → r ) CYRILLIC SMALL LETTER GHE → LATIN SMALL LETTER R #

As a result, we see that the applied string .?? could be confused only with the string .6r, which does not exist.

The Russian case

Opponents to the Bulgarian proposal say that Russia first wanted to apply for .?? (Cyrillic for .ru), but then selected another one, because .?? was found to be confusingly similar with the Paraguayan ccTLD .py, and because of this, Bulgaria must be obedient and select another IDN string.

Looking again at Unicode Technical Standard #39, I see that:

0440 ; 0070 ; ML # ( ? → p ) CYRILLIC SMALL LETTER ER → LATIN SMALL LETTER P #</p> <p>0443 ; 0079 ; ML # ( ? → y ) CYRILLIC SMALL LETTER U → LATIN SMALL LETTER Y #

We have absolute similarity here! Very different than the Bulgarian case with 50% similarity.

Russia selected and received the .?? (Cyrillic for .rf) string. Looking for a third time at Unicode Technical Standard #39, I see that:

0440 ; 0070 ; MA # ( ? → p ) CYRILLIC SMALL LETTER ER → LATIN SMALL LETTER P #</p> <p>0444 ; 0278 ; ML # ( ? → ? ) CYRILLIC SMALL LETTER EF → LATIN SMALL LETTER PHI#

What do we have here? One similar character, and one not similar to a Latin basic character. So, how is this different from the Bulgarian case? Its the same! How the Russian string was approved, and the Bulgarian—not???

The DNS Stability panel rankings

[6] Both characters are visually identical to an ISO 646 Basic Version (ISO 646-BV) character.

[5] One character is visually identical to, and one character is visually confusable with, an ISO 646-BV character.

[4] Both characters are visually confusable with, but neither character is visually identical to, an ISO 646-BV character.

[3] One character is visually distinct from, and one character is visually identical to, an ISO 646-BV character.

[2] One character is visually distinct from, and one character is visually confusable with, an ISO 646-BV character.

[1] Both characters are visually distinct from an ISO 646-BV character.

The panel said that Bulgaria fails under [4] or [5], so the string is not accepted, because rank [4] or more is not good.

But, from my findings here, the Bulgarian (as the Russian) strings fail under [2] or [3], and its perfectly fine to be approved.

Security proposals

As another participant in the public comment forum said, two security proposals must be implemented:

“1. All names in the .?? (.bg) IDN ccTLD must be registered only with Cyrillic letters.”

“2. All names in the .?? (.bg) IDN ccTLD must contain at least one letter, which can be visually distinguished from the Latin alphabet (one of the letters: ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?).” (”?” may fail off this list, because of my findings.)

Examples

There must be really conservative people in the DNS Stability panel, who don’t like seeing domains like:

- ??????.?? because people would confuse it with paypal.br

Come on, ??????.?? and paypal.br? Compare with paypal.it and paypal.lt?

Others are afraid of seeing:

- ????.?? and pyca.br (whatever this means in Brazilian Portuguese) - check the second security proposal. The first domain can’t exist.

- - - - -

Dear DNS Stability panel members, what is wrong here?
Dear ICANN Board members, Bulgaria needs an appeal procedure!

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By George Todoroff, Web Developer and Security Consultant

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

DNS

Sponsored byDNIB.com

New TLDs

Sponsored byRadix

NordVPN Promotion