Many software applications rely on validation routines to check the validity of domain names. By validation, I mean here to test the string submitted by the user and see if it matches a pre-defined pattern. A typical example are web forms that need to validate e-mail addresses. This is by new means a new issue. It first appeared with the introduction of the .info Top-Level Domain (TLD). more
There is a published spoofing attack using homographs IDN. By using a Cyrillic SMALL LETTER A (U+430), Securnia is able to pretend to be http://www.paypal.com/. Actually this is well-documented in RFC 3490 under the Security Consideration: "To help prevent confusion between characters that are visually similar, it is suggested that implementations provide visual indications where a domain name contains multiple scripts. Such mechanisms can also be used to show when a name contains a mixture of simplified and traditional Chinese characters, or to distinguish zero and one from O and l..." more
One topic does not appear to have a compellingly obvious localization solution in the multi-lingual world, and that is the Domain Name System (DNS). The subtle difference here is that the DNS is the glue that binds all users' language symbols together, and performing localized adaptations to suit local language use needs is not enough. What we need is a means to allow all of these language symbols to be used within the same system, or "internationalization". more
In follow-up to recent announcement on the release of the latest edition of the very popular DNS and BIND book -- often referred to as the bible of DNS -- CircleID has caught up with Cricket Liu, co-author and a world renowned authority on the Domain Name System. In this interview, Cricket Liu talks about emerging issues around DNS such as security and IPv6 support, and important new features such as internationalized domain names, ENUM (electronic numbering), and SPF (the Sender Policy Framework). "Cricket Liu: We're now seeing more frequent attacks against DNS infrastructure. ...Turns out that name servers are terrific amplifiers -- you can get an amplification factor of nearly 100x. These attacks have raised awareness of the vulnerability of Internet name servers, which is possibly the only positive result..." more
One of the consistent chants we've always heard from ICANN is that there has to be a single DNS root, so everyone sees the same set of names on the net, a sentiment with which I agree. Unfortunately, I discovered at this week's ICANN meeting that due to ICANN's inaction, it's already too late. Among the topics that ICANN has been grinding away at is Internationalized Domain Names (IDNs) that contain characters outside the traditional English ASCII character set... ICANN has tied itself with the issue of homographs, different characters that look the same or mean the same thing. Once people noticed that IDNs let you register different names that look the same, the intellectual property crowd that has always had a mysteriously great influence on ICANN went into a tizzy and they went into lengthy discussions on what to do about them... more
In December 2003, the testing phase of Multilingual domains also known as Internationalized Domain Names (IDN), went live with the addition of over 350,000 multilingual domains to the .com and .net registries. As of 1st January 2004, the .com registry contained 300,409 IDN's, whereas the .net registry had 79,630 IDN's, representing around 1.25% of the total .com and .net domains. WebHosting.Info has analyzed these 380,039 IDN domains that are now live, and provided a detailed insight on trends and patterns across these domains. more
Gartner, the well known IT consulting company, has published a report on the new top level domains that will appear some time next year. The report totally misses the mark. In a pure US centric vision, it focuses on ".com" as the must-have TLD, totally overlooking the fact that a ".com" is mostly worthless e.g. in Germany, where ".de" is the TLD one must have to succeed locally... more
Since the Tunis WSIS mandate was given to the UN Secretary General to convene the Internet Governance Forum (IGF), interest on the new emerging entity and its possible effects on the IG debate has been allegedly high. But as time is approaching when the IGF inaugural meeting will start its activities in Athens, Greece, now, almost 10 days before its first -- ever meeting, participation of all stakeholders and key actors in the meeting has proved to be even more than expected in the first place. more
In its February 18, 2005 press release, WIPO has reported filing an average of 3.4 UDRP and UDRP-based cases per calendar day in 2004, bringing the total number of cases received in 2004 to 1,179 -- an increase of 79 cases (or 6.6%) as compared to 2003. Also mentioned in the report is a 37 percent increase in ccTLDs cases over the previous year. Listed below are a number of additional facts and figures reported... more
For a book project I decided to extend my interview with Milton Mueller from November 2003 (Part I | Part II). Exclusively for CircleID readers, here's part III that deals with WSIS, WGIG, US-American bias and the Internet Governance Project. "...One good result of the WGIG process is that the involved international community has already moved beyond those cliches. No one is proposing that the UN control the Internet. There is growing consensus that control of the DNS root needs to be internationalized..." more
Today, the ITU launched a new survey asking member states, ccTLDs and other ITU member organizations to provide answers to a specialized questionnaire asking for their experiences on the use of IDNs. The ITU states that it is reaching out to ccTLDs to "collect information and experiences on Internationalized Domain Names under ccTLD (country code Top Level Domain) around the globe." One of the goals of this survey is to collate information on the "needs and practices" of each ccTLD that is surveyed -- so as to compile a report from the ITU that speaks to the implementation of IDNs around the world... more
Anyone who knows Kenya knows it is famous for tea. And while I can now get Kenyan tea online from US companies like Starbucks, Caribou Coffee or any number of other re-sellers, like most consumers I would vastly prefer to cut out the middle man and buy my tea direct from Kenyan companies. Why not? But here's the rub... more
"If I would have a voting right, I would vote like this" said Janis Karklins, chair of the Government Advisory Committee (GAC) as he empathically raised two arms in the air. He was showing his, and the GAC's, overwhelming support for the ICANN Board unanimously (barring one abstention) passing the resolution that ratified the IDN ccTLD Fast Track process, propelling it toward an imminent release. A standing ovation was given from a grateful and exuberant audience and everyone seemed pleased with this momentous decision. more
In 1998, the United States government might have taken a different path in asserting its control over the technical administration of the DNS. It might have asserted full U.S. governmental control, or it might have turned over the functions to an international body such as the International Telecommunications Union. Instead, it created a "private-public partnership", incorporated as a California "nonprofit public benefit corporation", with a charter giving the company a dual mission of quasi-governmental functions combined with responsibility for operational stability of the Internet. more
Mozilla Foundation has announced changes to Firefox concerning Internationalized Domain Names (IDN) to deal with homograph spoofing attacks. According to the organization, "Mozilla Foundation products now only display IDNs in a whitelist of TLDs, which have policies stating what characters are permitted, and procedures for making sure that no homographic domains are registered to two different entities." Following is a statement explaining the current status of the Mozilla changes to Firefox regarding IDN... more
A World-Renowned Source for Internet Developments. Serving Since 2002.