.th IDN Deployment Phisit Siprasatthong THAILAND
IDN Overview • What is IDN? • Why IDN? • Benefits and drawbacks 1994-2004 Asia Pacific Networking Group All Copy Right Reserved
What is IDN? • IDN (Internationalized Domain Name) is a domain name which can contain non-ASCII characters • ทีเอชนิค.th • 日本語.jp • 中文.tw • And more...
Why IDN? • Increasing number of non-English-speaking Internet users • Native names are usually easier (for native speakers) to remember than romanized names • Different words in the native script share the same romanized form, which causes confusion, e.g. วัด (temple) → wat, วัฒน์ (progress) → wat, วัจน์ (speech) → wat
Benefits & Drawbacks of IDNA • Benefits • Can be handled by the existing DNS • Has been standardized; supported by many applications • Drawbacks • Client-side applications have to be upgraded; native support in some popular applications has not been implemented yet • Top-level domains still remain in ASCII
IDN in General • IDN standards • How IDN works • Server-side configuration • Client-side applications
IDN Standards • Proposed by the IETF (in several RFCs) • Consists of: • RFC 3454: Stringprep • RFC 3490: IDNA • RFC 3491: Nameprep • RFC 3492: Punycode • Implementation methods following these standards are called "Internationalizing Domain Names in Applications (IDNA)"
How IDNA works • The end user enters an IDN into a supporting application, e.g. a web browser • ทีเอชนิค.th • The IDN is split into labels (levels) using the period (.) as separator • ทีเอชนิค | th • Labels which contain non-ASCII characters are normalized (Nameprep) and then converted to ASCII using the Punycode algorithm • 42cl2bj2hxbd2g | th • The prefix xn-- is added to each converted label to mark that it is actually non-ASCII; the result is called the ASCII-compatible encoding (ACE) • xn--42cl2bj2hxbd2g | th
How IDNA works (cont.) • All labels are joined again before the name is sent out to the Internet • xn--42cl2bj2hxbd2g.th • On the DNS server side, the configuration is the same as for a traditional ASCII domain name; the ACE form is simply used as the owner name • xn--42cl2bj2hxbd2g.th A 203.150.1.200
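The label-by-label conversion described on the two slides above, carried out in code. This is an added example (Python standard library only), not code from the original presentation: each non-ASCII label is Punycode-encoded and prefixed with xn-- on the way out and decoded again on the way back, and the result is cross-checked against Python's built-in "idna" codec, which implements IDNA2003 (RFC 3490/3491/3492, the standards listed earlier). The example name ทีเอชนิค.th and the address 203.150.1.200 are taken from the slides; the function names are my own.

```python
# Added example: IDNA ToASCII/ToUnicode done label by label, as the slides describe.
# Uses only the Python standard library ("punycode" and "idna" codecs).

ACE_PREFIX = "xn--"


def to_ace(domain: str) -> str:
    """Convert a Unicode domain name to its ASCII-compatible encoding (ACE).

    Split on '.', leave pure-ASCII labels alone, and Punycode-encode each
    label that contains non-ASCII characters, prefixing it with 'xn--'.
    A full IDNA implementation runs Nameprep (RFC 3491) on each label first;
    the Thai and ASCII characters used here are unchanged by it.
    """
    ace_labels = []
    for label in domain.split("."):
        if label.isascii():
            ace_labels.append(label)
        else:
            punycode = label.encode("punycode").decode("ascii")
            ace_labels.append(ACE_PREFIX + punycode)
    return ".".join(ace_labels)


def from_ace(domain: str) -> str:
    """Reverse of to_ace: strip 'xn--' (any case) and Punycode-decode such labels."""
    labels = []
    for label in domain.split("."):
        if label.lower().startswith(ACE_PREFIX):
            payload = label[len(ACE_PREFIX):].encode("ascii")
            labels.append(payload.decode("punycode"))
        else:
            labels.append(label)
    return ".".join(labels)


def zone_record(unicode_name: str, ip: str) -> str:
    """Owner name as it must appear in the zone file: the ACE form, not the
    Unicode form, because the DNS itself only ever sees ASCII labels."""
    return f"{to_ace(unicode_name)}. IN A {ip}"


if __name__ == "__main__":
    name = "ทีเอชนิค.th"                        # example IDN from the slides
    ace = to_ace(name)
    print(name, "->", ace)                      # xn--42cl2bj2hxbd2g.th
    print(ace, "->", from_ace(ace))
    # Cross-check against the stdlib IDNA2003 codec (Nameprep + Punycode).
    assert ace == name.encode("idna").decode("ascii")
    print(zone_record(name, "203.150.1.200"))   # IP address from the slide
```

The hand-rolled path and the stdlib codec agree for this name because Nameprep leaves these Thai characters untouched; for names containing uppercase Latin letters or compatibility characters the Nameprep step is not optional and the built-in codec (or a full IDNA library) should be used.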
IDNA-supporting applications • Most newer browsers support IDNA out of the box • Gecko-based: • Firefox (multiplatform) • Mozilla (multiplatform), both from the Mozilla Foundation • Opera (multiplatform) • KHTML-based: • Safari (Mac OS X) • Konqueror (Linux) • Internet Explorer does not support IDNA yet (the latest version was released 4 years ago!) • Plug-ins are available, e.g. i-Nav from VeriSign
Thai-Language Specific Topics • Thai character set • Thai character sequences
Thai Character Set • U+0E01 to U+0E59 in the Unicode table • Registered with IANA; effective 21 June 2004 http://www.iana.org/assignments/idn/th-thai.html • Some characters are not permitted in IDNs, e.g. symbols and punctuation marks (following the ICANN guidelines at http://www.icann.org/general/idn-guidelines-20jun03.htm)
Thai Character Sequences • The Thai writing system has many possible combinations of base consonants and combining marks • Thai combining marks can be classified into at least 4 types: upper vowels, lower vowels, tone marks, and other diacritics • An upper/lower vowel (if present) must be attached directly to the base consonant; a tone mark/diacritic can then follow • A standard for controlling Thai character sequences named WTT (Wing Thuk Ti, "Runs Everywhere") has been defined
WTT 2.0 overview • Passthrough mode: no checking is applied • Both sequences ป + ◌ู + ◌่ and ป + ◌่ + ◌ู can form the word ปู่ • BasicCheck mode: simple checking is applied so that no ambiguous sequences can occur • Only the sequence ป + ◌ู + ◌่ can form the word ปู่ • Strict mode: some grammatical checks are also added so that only pronounceable sequences can be input
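A simplified sequence checker in the spirit of the BasicCheck mode just described, added here as an illustration; it is not WTT 2.0's own composition table nor code from the .th registry. It applies only the rules stated on these slides (a combining mark needs a base consonant, an upper/lower vowel must attach directly to it, a tone mark or diacritic may then follow, a leading vowel must be followed by a consonant) using character classes I assigned from the Unicode Thai block, so the ambiguous ป + ◌่ + ◌ู is rejected while ป + ◌ู + ◌่ is accepted.

```python
# Added example: a simplified sequence check in the spirit of WTT 2.0 BasicCheck.
# Character classes are assigned from the Unicode Thai block (U+0E01..U+0E59,
# the range registered for .th); they follow the slides' four mark types,
# not the full WTT 2.0 composition table.

CONS  = set(range(0x0E01, 0x0E2F))                       # consonants ก..ฮ (ฤ, ฦ included)
LV    = {0x0E40, 0x0E41, 0x0E42, 0x0E43, 0x0E44}          # leading vowels เ แ โ ใ ไ
FV    = {0x0E30, 0x0E32, 0x0E33, 0x0E45}                  # following vowels ะ า ำ ๅ
AV    = {0x0E31, 0x0E34, 0x0E35, 0x0E36, 0x0E37, 0x0E47}  # upper vowels/marks ั ิ ี ึ ื ็
BV    = {0x0E38, 0x0E39, 0x0E3A}                          # lower vowels ุ ู and phinthu
TONE  = {0x0E48, 0x0E49, 0x0E4A, 0x0E4B}                  # tone marks ่ ้ ๊ ๋
AD    = {0x0E4C, 0x0E4D, 0x0E4E}                          # other diacritics ์ ํ ๎
DIGIT = set(range(0x0E50, 0x0E5A))                        # Thai digits ๐..๙


def basic_check(label):
    """Return (ok, reason) for one Thai label.

    A combining mark needs a base consonant; an upper/lower vowel must attach
    directly to that consonant (at most one); a tone mark or diacritic may then
    follow (at most one).  A leading vowel must be followed by a consonant.
    Symbols and non-Thai characters are rejected, as the .th table omits them.
    """
    has_base = has_vowel = has_mark = False
    expect_cons = False
    for i, ch in enumerate(label):
        cp = ord(ch)
        if expect_cons and cp not in CONS:
            return False, f"leading vowel at index {i - 1} is not followed by a consonant"
        expect_cons = False
        if cp in CONS:
            has_base, has_vowel, has_mark = True, False, False
        elif cp in LV:
            has_base = has_vowel = has_mark = False
            expect_cons = True
        elif cp in AV or cp in BV:
            if not has_base:
                return False, f"vowel at index {i} has no base consonant"
            if has_vowel or has_mark:
                return False, f"vowel at index {i} is not attached directly to its base"
            has_vowel = True
        elif cp in TONE or cp in AD:
            if not has_base:
                return False, f"tone mark/diacritic at index {i} has no base consonant"
            if has_mark:
                return False, f"second tone mark/diacritic at index {i}"
            has_mark = True
        elif cp in FV:
            if not has_base:
                return False, f"following vowel at index {i} has no base consonant"
            has_base = has_vowel = has_mark = False   # cluster is closed
        elif cp in DIGIT:
            has_base = has_vowel = has_mark = False
        else:
            return False, f"U+{cp:04X} is not permitted"
    if expect_cons:
        return False, "label ends with a leading vowel"
    return True, "ok"


if __name__ == "__main__":
    # Samples from the slides, written as escapes so the code point order is explicit.
    samples = [
        ("\u0e1b\u0e39\u0e48", "ปู่ as ป + ◌ู + ◌่"),
        ("\u0e1b\u0e48\u0e39", "ปู่ typed as ป + ◌่ + ◌ู"),
        ("\u0e17\u0e35\u0e40\u0e2d\u0e0a\u0e19\u0e34\u0e04", "ทีเอชนิค"),
        ("\u0e2b\u0e21\u0e2d", "หมอ"),
    ]
    for text, desc in samples:
        ok, why = basic_check(text)
        print(f"{desc:28} {'accept' if ok else 'reject'}  {why}")
```

A registry would run such a check at registration time, before Punycode encoding, since once both orderings are encoded they become two distinct, equally valid ACE labels that render identically.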
Practical Deployment of IDN under .th • Delegation policies • Phases of deployment • Feedback, issues, and future plan
Delegation Policies • Royal names, country and province names are reserved • Domain names consisting of Thai characters are registered at the second level under .th (in contrast to ASCII domain names, which are registered at the third level) • One complimentary IDN for each registered ASCII domain name • A valid IDN must be a direct translation or a homophone (a word which has the same sound) of the corresponding ASCII domain name, e.g. thnic.co.th → ทีเอชนิค.th (homophone), doctor.co.th → หมอ.th (translation) • In the beginning phases, IDNs under .th are provided free of charge
Phases of Deployment • Sunrise Phase (Jul 26 to Oct 25, 2004): • Eligible registrants must have registered an ASCII domain name under .th before Jun 25, 2004 • Intermediate Phase (from Oct 26, 2004): • Eligible registrants must have an ASCII domain name under .th • Open Phase (TBA): • IDNs under .th can be registered without the existing-ASCII-domain-name requirement • A registration fee may apply
.th IDN Statistics • As of Feb 15, 2005, there are 1,563 IDNs registered under .th (about 10% of the number of ASCII domain names)
Feedback, issues and future plan • The number of applicants is not as high as previously expected • IE is still dominant among end users, which leads to complaints that they cannot access web sites using IDNs • The IDN delegation policies seem to be too strict for some applicants (as do the ASCII domain name policies) • Therefore, we should promote both IDN usage and the advantages of using IDN-compliant applications to Internet users
Recent IDNA security issues • How IDNA can be spoofed • Timeline of IDNA spoofing concerns • How this affects IDNA • Solutions
How IDNA can be spoofed • IDNA allows the full Unicode repertoire (multilingual) • Different characters from different scripts can look identical, i.e. homographs • Example: • Latin small letter a /eɪ/ (U+0061): a • Cyrillic small letter a /a/ (U+0430): а
How IDNA can be spoofed (cont.) • An attacker can register an IDN that resembles an existing ASCII domain name and create hyperlinks to it • Unaware users can be spoofed since they cannot see the difference between the two domain names • Example: • paypal.com is an ASCII domain name • pаypal.com (with a Cyrillic а) is an IDN whose ACE form is xn--pypal-4ve.com
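The homograph case above made concrete, as an added example (Python standard library only; not code from the presentation or from any browser vendor). It decodes the ACE form with the stdlib IDNA2003 codec, flags any label that mixes scripts (here Latin letters plus one Cyrillic letter), and maps a small hand-picked set of Cyrillic look-alikes back to Latin to show which ASCII name is being imitated. The script classification via unicodedata names and the look-alike table are my own simplifications, not a complete confusables list; xn--pypal-4ve.com and xn--42cl2bj2hxbd2g.th are the names from the slides.

```python
# Added example: detect a homograph IDN by decoding its ACE form and checking
# whether a single label mixes scripts, then map well-known Cyrillic look-alikes
# to Latin to reveal which ASCII name is being imitated.
import unicodedata

# Small hand-picked set of Cyrillic letters that render like Latin ones.
# Illustrative only, not a complete confusables table.
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y",
}


def to_unicode(domain: str) -> str:
    """ACE (xn--) form to Unicode via the stdlib IDNA2003 codec; Unicode input passes through."""
    return domain.encode("ascii").decode("idna") if domain.isascii() else domain


def label_scripts(label: str) -> set:
    """Approximate each letter's script by the first word of its Unicode name
    ('LATIN', 'CYRILLIC', 'THAI', ...). Digits and hyphens are script-neutral."""
    scripts = set()
    for ch in label:
        if ch.isascii():
            if ch.isalpha():
                scripts.add("LATIN")
            continue
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def mixed_script_labels(domain: str) -> list:
    """Labels that combine more than one script, e.g. Latin letters with one Cyrillic letter."""
    return [lbl for lbl in to_unicode(domain).split(".") if len(label_scripts(lbl)) > 1]


def lookalike_ascii(domain: str) -> str:
    """Replace known Cyrillic look-alikes by their Latin twins, revealing the target name."""
    return "".join(CYRILLIC_LOOKALIKES.get(ch, ch) for ch in to_unicode(domain))


if __name__ == "__main__":
    for name in ["paypal.com", "xn--pypal-4ve.com", "xn--42cl2bj2hxbd2g.th"]:
        mixed = mixed_script_labels(name)
        verdict = "SUSPICIOUS" if mixed else "ok"
        print(f"{name:24} {to_unicode(name):16} {verdict:10} looks like {lookalike_ascii(name)}")
```

Note what the check does and does not catch: the all-Thai label from the .th example passes because it uses one script throughout, whereas the PayPal look-alike fails because a single label mixes Latin and Cyrillic. A label written entirely in Cyrillic look-alikes would pass a per-label mixed-script test, which is why a registry policy restricting each label to the scripts it actually serves (the point of the ICANN guidelines) matters as much as the client-side check.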
Timeline of IDNA spoofing concerns • Dec 2001: A paper describing the homograph spoofing potential was released http://www.cs.technion.ac.il/~gabr/papers/homograph.html • Jun 2003: ICANN guidelines released • Most browsers adopted IDNA implementations • Some registries/registrars did not follow the ICANN guidelines and allowed registration of problematic IDNs • Feb 7, 2005: A group of hackers (the Shmoo Group) demonstrated the spoofing flaw on their website http://www.shmoo.com/idn/
Timeline of IDNA spoofing concerns (cont.) • Feb 8, 2005: A workaround that disables IDN via proxy configuration was released • Disadvantage: ALL IDNs become inaccessible to clients connecting via such a proxy • Feb 9, 2005: A security advisory was released on the Secunia website http://secunia.com/advisories/14163/ • Feb 14, 2005: The Mozilla Foundation announced that forthcoming versions of their browsers will have IDN disabled by default (it can be manually enabled later); a long-term resolution is on the way
How this affects IDNA • Exaggerated panic caused by some articles may lead some users to think that IDNA is not safe at all • So far, almost all proposed solutions involve disabling IDNA, so IDNA will not be usable in some environments • IDNA registration and usage may decrease for the above reasons
How should TLD Operators react to this issue • All TLD operators must conform to the ICANN guidelines • They should assure their customers as well as end users that the fault is not really a technical issue but is due to some operators' delegation policies • JPRS has a good article on this. See http://jprs.co.jp/en/topics/050214.html