International URLs Pass First Test
Off the Rails writes "The BBC reports on the results of a successful test of non-ASCII domain names on Internet-equivalent hardware (pdf) carried out last October. The next stage is to plug the system into the net, and if it still works, it could go live sometime next year. 'Early work on the technical feasibility of using non-English character sets suggested that the address system would cope with the introduction of international characters tests were called for to ensure this was the case ... Also needed are policy decisions by Icann on how the internationalised domain names fit in and work with the existing rules governing the running of the address books. Icann is under pressure to get the international domain names working because some nations, in particular China, are working on their own technology to support their own character sets.'"
Umlaut is hardly a problem if you set the use keyboard to üs-ïnternätional. But Asian/Hebrew/Arabic/Hebrew characters are much more difficult to enter... in my experience.
But you will still be able to click them. IDN support is available in most popular browsers (although disabled for security issues).
>Imagine all the new ways to spell bank0famerlca.com.
This is already happening. A common example is the Cyrillic lower case "а", which looks almost exactly like the Latin "a" in most fonts.
See http://en.wikipedia.org/wiki/IDN_homograph_attack for more information.
Preventing that has been part of Mozilla's IDN implementation, and I assume other browsers have addressed (ha) it as well. If a TLD, like .ie, Ireland, has a policy against phishing, and a table of lookalike letters, then Firefox will present the IDN address in the address bar in its own, non-English, language. Otherwise, Firefox displays the address in its IDN-encoded form, which is all ASCII. AFAIK, from reading bug reports on Mozilla, this is already in force.
This has actually been discussed to some extent for years. One method is to only allow domains to be registered or displayed in a single language character set, such that a domain name can use latin characters or greek characters, but not both. This can be enforced at registration or when displayed in the browser (the browser can highlight improper URLs). This does not prevent attacks where the entire spelling of the domain is available in an alternate character set. One solution is for the browser to somehow tell the user what language a URL is written in.
Here is a detailed description of how IE handles this, and also a W3C page discussing general techniques and different browsers. An interesting note is the possible use of the fraction slash to add fake URLs to a domain name. Of course, at the end of the day, standard phishing protection applies to domains which slip through the net.
Here are the references on IDN puny-code spoofing prevention settings in Mozilla.
http://kb.mozillazine.org/Network.IDN.blacklist_chars
http://kb.mozillazine.org/Network.IDN.whitelist.*
http://kb.mozillazine.org/Network.enableIDN
http://kb.mozillazine.org/Network.IDN_show_punycode
For example, .jp (Japan) is whitelisted but .ie (Ireland) is not.
There was a debate between people that wanted to disable or hobble IDN/puny-code, for security, and people who wanted to internationalize Mozilla completely. The resulting blacklist/whitelist and configurability was a compromise.
Umm, you do realise this was registered in 2005? Such domains already exist and can be registered today.
The technical test is about having Internationalised Domain Names at the top-level, or root, of the DNS. So then you can have
IDN encoding is pure ASCII, in a similar way that MIME email attachments are. The protocol layer never sees anything other than letters, numbers and hyphens. All IDN encoded domains are prepended with "xn--" so that end-user interfaces can tell them apart and convert them back and forth.
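The single-script rule and the fallback to the all-ASCII "xn--" form that the comments above describe, as an added example that is not part of the original thread and is not Mozilla's or any browser's actual algorithm. It assumes Python's built-in IDNA 2003 codec and takes the script of a character from the first word of its Unicode name; the function names and sample hostnames are constructed for illustration.

```python
import unicodedata

def script_of(ch):
    """Coarse script tag: the first word of the character's Unicode name."""
    if ch.isascii():
        # ASCII digits and the hyphen belong to no script; ASCII letters are Latin.
        return "LATIN" if ch.isalpha() else "COMMON"
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"

def label_scripts(label):
    """Set of scripts used by the letters of one DNS label."""
    return {script_of(c) for c in label} - {"COMMON"}

def display_form(hostname):
    """Return (text_to_show, reason) for a hostname given in Unicode or xn-- form."""
    ace = hostname.encode("idna").decode("ascii")   # all-ASCII form that DNS carries
    uni = ace.encode("ascii").decode("idna")        # Unicode form a user would read
    for label in uni.split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            # Mixed scripts inside one label: show the ASCII form instead.
            return ace, "mixed scripts in %r: %s" % (label, ", ".join(sorted(scripts)))
    return uni, "one script per label"

# Constructed sample hostnames, written with escapes so the code points are visible.
SAMPLES = [
    "b\u00fccher.example",               # Latin with u-umlaut
    "xn--bcher-kva.example",             # the same name, already encoded
    "b\u0430nk.example",                 # Latin b, n, k with Cyrillic U+0430
    "\u0441\u043e\u0441\u043e.example",  # all Cyrillic, reads like Latin "coco"
]

if __name__ == "__main__":
    for host in SAMPLES:
        shown, reason = display_form(host)
        print("%-24s -> %-24s (%s)" % (host.encode("idna").decode("ascii"), shown, reason))
```

The last sample is still shown in Unicode, which is the whole-script gap noted in the comment on single-character-set registration. Names that legitimately combine scripts, such as Japanese labels mixing kanji and kana, would be flagged by this simplified rule.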
Just about any e-mail service should enable the use of non-ASCII characters. Any halfway decent e-mail client will; if you're using Thunderbird or Mail or Pegasus, just set the character set to UTF-8; I believe Pine allows UTF-8 too. (Personally I can't imagine any reason for not using UTF-8 as default; I use it all the time, even though almost all of my e-mails are in English.) Most web-interfaces allow it as well: Gmail certainly does, for example; I'm pretty sure Yahoo does.