Mozilla Foundation has announced changes to Firefox concerning Internationalized Domain Names (IDN) to deal with homograph spoofing attacks. According to the organization, "Mozilla Foundation products now only display IDNs in a whitelist of TLDs, which have policies stating what characters are permitted, and procedures for making sure that no homographic domains are registered to two different entities." Following is a statement explaining the current status of the Mozilla changes to Firefox regarding IDN...
Yesterday the ICANN board discussed and approved ICANN staff to enter into negotiations with ICM Registry, Inc. for the .XXX Top Level Domain (TLD). I'm sure there will be a longer, more complete presentation from ICANN later about this, but as an individual board member I thought I'd post a quick note before people got carried away with speculation based on a lack of information.
At the December 2004 ICANN meeting in Cape Town, Vint Cerf said this to the Public Forum: "I want to go on record as saying... that I am no longer sure that I have a strong understanding of why I would be motivated to create a new TLD..." Dr. Cerf posed a question that has yet to be answered or even discussed by the DNS stakeholder community. While the technical and business cases for the introduction of new TLDs have been successfully made, what is the philosophical case for adding new TLDs? What semantics are encoded in TLDs, and how could those semantics be expanded in a consistent way?
With much awaited fanfare, .EU is inching ever closer to becoming real! I am a bit reluctant to say it is actually here until the gates are actually open, but I can imagine that there are many who are grateful as I am that the process has gotten as far as it has. On March 23rd, 2005, ICANN announced that they had approved an agreement earlier that week with EURid to have .eu added to the root zone...
Guillaume Rischard set up a parody on verisign.com using the IDN spoofing trick. He managed to get one registrar to register verisign.com with a Cyrillic S (U+0405) (i.e. xn--veriign-mog.com :-). This actually started in #joiito a couple of weeks ago after Eric published the spoofing attack paper. A joke was made that it would be funny if someone did it to verisign.com and so he did. I suppose I could rant why VeriSign should adopt the JET Guideline (or ICANN Guidelines) but this parody would send a louder message.
Recently a proof-of-concept attack was announced on the Internet that demonstrated how a web address could be constructed that looked in some web browsers identical to that of a well-known website. This technique could be used to trick a user into going to a website that they did not plan on visiting, and possibly provide sensitive information to a third party. As a result of this demonstration, there have been a number of voices calling for web browsers to disable or remove support for IDNs by default. ...CENTR, a group of many of the world's domain registries - representing over 98% of domain registrations worldwide - believes such strong reactions are heavily detrimental...
The .net Top Level Domain (TLD) contains the names of the main group of DNS root servers as well as the names of the servers for several other large TLDs, such as .com, .org, .arpa and .mil. Most of the focus about the .net redelegation has concerned the quality of the registration systems. But that is a minor matter next to the quality of the name server operation.
ICANN's latest announcement of preliminary approval for two new top level domains (.mobi and .jobs) and its recently ended meetings in Cape Town, South Africa, have sparked off renewed discussions for the introduction of new TLDs -- more specifically, the expansion of sponsored and generic top level domains (TLDs). The following is a collection of recent commentaries made by both technical and non-technical members of the community with regard to the expansion of the domain name space. To add your comments to this collection, please use the comment entry form at the bottom of the page...
A new type of domain-name hijacking is being carried out unnoticed. It involves third-level domain-names associated with affiliate programs. If you had been an online affiliate of, say, company xyz.com, your affiliate Internet address could have looked like YourCompanyName.xyz.com.
ICANN has initiated arbitration (before the ICC's International Court of Arbitration) against VeriSign under the .net Registry Agreement, seeking declaratory judgments that many things VeriSign has done or attempted to do over the years (Sitefinder, ConsoliDate, IDN, WLS, and stemming the abusive actions of shell registrars when they destructively query the registry for secondary market purposes) violate that agreement.