IDN FAQs

What are IDNs?

What browsers work with IDNs?

What is Punycode?

What domains can I register with international characters?

What are IDN.IDN domains?

Should I be concerned with ASCII spoofing?

 

What are IDNs?

IDNs (Internationalized Domain Names) are foreign language domain names (such as those in Arabic, Chinese, Cyrillic, Hebrew, and others) that contain non-ASCII (A-Z, 0-9) characters. The IDN is followed by either a Generic Top Level Domain (gTLD), such as .com, .net, .org., or a Country Coded Top Level Domain (ccTLD), such as .cn, .jp, .es, .de.

Some examples of IDNs:

Domains which are not English, but do not contain any non-ASCII characters (e.g. GutenMorgen.com, Computadora.net) are not IDNs.

To make the foreign language domain names consistent, they are translated (using Punycode) into an ASCII text representation that is compatible with the Domain Name System. A system called Internationalizing Domain Names in Applications (IDNA) was adopted as a standard, and has been implemented in several top level domains. In October 2009, (ICANN) approved the creation of country code top-level domains (ccTLDs) in the Internet that use the IDNA standard for native language scripts.

to top

What browsers work with IDNs?

IDNs require an IDN compatible web browser to be able to resolve IDN domains properly.

  • Internet Explorer 7 and up
  • Firefox
  • Opera
  • Safari (beta)

to top

What is Punycode?

Punycode is a way to represent international domain names with the limited ASCII character set (A-Z, 0-9) supported by the domain name system. For example "mnich" would be encoded as "mnich-kva". An IDN takes the punycode encoding, and adds a 'xn--' in front of it. So "mnich.com" would become "xn--mnich-kva.com".

to top

What domains can I register with international characters?

To see a listing of all available IDNs (including which EnCirca supports), go here.

to top

What are IDN.IDN domains?

IDN.IDN is an Internationalized domain name whose Top level domain (TLD) is also internationalized, which could be transliterated .com, .net, .org, etc. or be groupings relevant to the language at hand. So, for example, .cn, .com.cn and .net.cm would be changed to the chinese characters:

Korean, Japanese, Russian, Bulgarian, Hebrew and Arabic .IDNs have also been suggested. However, the switch to IDN.IDN will likely take many years to accomplish, since there are some issues to iron out.

to top

Should I be concerned with ASCII spoofing?

The use of Unicode in domain names makes it potentially easier to spoof web sites visited by web users as the visual representation of an IDN string in a web browser may appear identical to another, depending on the font used. For example, Unicode character U+0430, Cyrillic small letter a, can look identical to Unicode character U+0061, Latin small letter a, used in English.

In December 2001 Evgeniy Gabrilovich and Alex Gontmakher, both from the Technion Institute of Technology in Israel, published a paper titled "The Homograph Attack", which described an attack that used Unicode URLs to spoof a website URL. To prove the feasibility of this kind of attack, the researchers successfully registered a variant of the domain name microsoft.com which incorporated Russian language characters. Slashdot reported a similar experiment using the Paypal domain name in 2005.

These kind of problems were anticipated before IDN was introduced, and guidelines were issued to registries to try to avoid or reduce the problem. For example, it was advised that registries only accept characters from the Latin alphabet and that of their own country, not all of Unicode characters, but this advice was neglected by major TLDs. However, the newest versions of browsers have been upgraded to protect consumers from non-ASCII spoofed sites.

Starting with version 7, Internet Explorer is capable of using IDNs, but it imposes restrictions on displaying non-ASCII domain names based on a user-defined list of allowed languages and provides an anti-phishing filter that checks suspicious Web sites against a remote database of known phishing sites.

On February 17, 2005, Mozilla developers announced that the next software version still has IDN support enabled, but displaying the Punycode URLs instead, thus thwarting some attacks exploiting similarities between ASCII and non-ASCII characters, while still permitting access to web sites in an IDN domain. Since then, both Mozilla and Opera have announced that they will be using per-domain whitelists to selectively switch on IDN display for domain run by registries which are taking appropriate homograph spoofing attack precautions.

As of September 9, 2005, the most recent version of Mozilla Firefox as well as the most recent Internet Explorer display a spoofed Paypal URL as "http://www.xn--pypal-4ve.com/", clearly different from the original. Safari's approach is to render problematic character sets as Punycode. This can be changed by altering the settings in Mac OS X's system files.

to top