Language Selection

English French German Italian Portuguese Spanish

Non-English Domain Names Likely Delayed

Filed under
Web

Concerns about "phishing" e-mail scams will likely delay the expansion of domain names beyond non-English characters, the chairman of the Internet's key oversight agency said Friday.

Vint Cerf, head of the Internet Corporation for Assigned Names and Numbers, would not speculate on when such characters might appear but said Internet engineers must now spend time "trying to winnow down, frankly, the number of character (sets) that are allowed to be registered."

Demand for non-English domain names is high outside the United States and a U.N. panel studying Internet governance said in a report Thursday that "insufficient progress has been made toward multilingualization." It cited the lack of international coordination and technical hurdles as among the problems.

Officially, the Internet's Domain Name System supports only 37 characters - the letters of the Latin alphabet, 10 numerals and a hyphen.

But in recent years, in response to a growing Internet population worldwide, engineers have been working on ways to trick the system into understanding other languages, such as Arabic, Chinese and Japanese.

Engineers have rallied around a character system called Unicode.

But security experts warned earlier this year of a potential exploit that takes advantage of the fact that characters that look alike can have two separate codes in Unicode and thus appear to the computer as different. For example, Unicode for "a" is 97 under the Latin alphabet, but 1072 in Cyrillic.

Subbing one for the other can allow a scammer to register a domain name that looks to the human as "paypal.com," tricking users into giving passwords and other sensitive information at what looks like a legitimate site. It's much like how scammers now use the numeral "1" sometimes instead of the letter "l" to trick users.

"In some of the early tests, ... it became clear we had opened up the opportunity for registering very misleading names," Cerf said in a conference call wrapping up ICANN's meetings this week in Luxembourg. "This kind of potential confusion leads to parties going to what they think are valid Web sites."

Cerf said it may be possible to proceed with character sets that aren't at risk of confusion as the standards-setting Internet Engineering Task Force tackles the broader security concerns with non-English names.

Tests of non-English characters have been going on for years, and in a few cases they are fully operational. Last year, operators of the German ".de" domain began offering 92 accented and other special characters, including the umlaut common in German names.

But ICANN has yet to approve domain names entirely in another language; all addresses now must end with an English string such as ".com."

Associated Press

More in Tux Machines

today's leftovers

Linux/FOSS Events

  • The Linux Foundation Announces Session Lineup for ApacheCon(TM) Europe
  • OpenShift Commons Gathering event preview
    We're just two months out from the OpenShift Commons Gathering coming up on November 7, 2016 in Seattle, Washington, co-located with KubeCon and CloudNativeCon. OpenShift Origin is a distribution of Kubernetes optimized for continuous application development and multi-tenant deployment. Origin adds developer and operations-centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and large teams. And we're excited to say, the 1.3 GA release of OpenShift Origin, which includes Kubernetes 1.3, is out the door! Hear more about the release from Lead Architect for OpenShift Origin, Clayton Coleman.

Security News

  • Report: Linux security must be upgraded to protect future tech
    The summit was used to expose a number of flaws in Linux's design that make it increasingly unsuitable to power modern devices. Linux is the operating system that runs most of the modern world. It is behind everything from web servers and supercomputers to mobile phones. Increasingly, it's also being used to run connected Internet of Things (IoT) devices, including products like cars and intelligent robots.
  • security things in Linux v4.6
    Hector Marco-Gisbert removed a long-standing limitation to mmap ASLR on 32-bit x86, where setting an unlimited stack (e.g. “ulimit -s unlimited“) would turn off mmap ASLR (which provided a way to bypass ASLR when executing setuid processes). Given that ASLR entropy can now be controlled directly (see the v4.5 post), and that the cases where this created an actual problem are very rare, means that if a system sees collisions between unlimited stack and mmap ASLR, they can just adjust the 32-bit ASLR entropy instead.

Raspberry Pi PIXEL and More Improvements