ICANN raises concerns over VeriSign IDN change
IDG News Service - The Internet Corporation for Assigned Names and Numbers (ICANN) is expressing concerns regarding a service launched last Friday by VeriSign Inc. that's designed to handle internationalized domain names (IDN).
According to an ICANN statement, "some commentators" are worried that the VeriSign service is using technology contrary to Internet Domain Name System (DNS) standards to respond to DNS address requests containing non-ASCII characters, the Marina Del Rey, Calif., group said.
"In response to these expressions of concern, ICANN has requested the advice of the Internet Architecture Board, which is responsible for providing oversight of the architecture for the protocols and procedures used by the Internet, on the changes announced by VeriSign Global Registry Services (VGRS)," ICANN said.
The DNS was designed to support 38 English-language ASCII characters, but international domain names draw from the 96,000-character non-ASCII Unicode repertoire. Domain names in languages other than English must therefore be encoded in ASCII for transmission across the DNS in order for them to work.
In October, the IDN working group of the Internet Engineering Task Force, a standards-setting body, released a first mechanism, called Internationalizing Domain Names in Applications (IDNA), which seeks to handle internationalized domain names in a standard fashion by allowing non-ASCII characters to be represented using only the ASCII characters. The task force is also represented in ICANN's IDN committee.
In announcing its new service, VeriSign said that because IDNA calls for changes to individual applications to support IDNs, it developed a free plug-in called i-Nav for Microsoft Corp.'s Internet Explorer browser to encode foreign domains into ASCII.
Through its registry contracts, the Mountain View, Calif.-based digital authentication company operates what it calls "the definitive database" of over 27.3 million Web addresses ending in .com, .net and .org on "a platform that is the world's de facto standard in DNS registry services."
Whereas a browser requesting a non-ASCII domain traditionally returns an error message, VeriSign has changed the behavior of the authoritative name servers for the .com and .net zones (the name servers that are capable of replying to all the domain name queries that can reasonably be addressed to them) to return a "positive" answer by leading to a page on the VeriSign Web site that promotes the i-Nav plug-in.
In ICANN's letter to the Internet Architecture Board, it quoted a message received on Jan. 5 from Paul Hoffman of the Internet Mail Consortium that outlined his concerns with the VeriSign service.
Hoffman claimed that there are a number of technical problems with the change that, at its heart, undermines IDNA by adding a "guessing" element to theprocess.
"VGRS makes wild guesses about what the user wanted, some of which are very clearly impossible. Worse yet, they do not include all of the legal guesses that they could have made," Hoffman said.
IDNA, which is designed to avoid such guessing, is on the verge of being recommended as a standard by the Internet Engineering Task Force, and VeriSign should be compelled to adhere to that standard, Hoffman said.
"ICANN should demand that [VeriSign] immediately stop giving incorrect answers to any query in .com and .net, and should instead follow the IETF standards. If VGRS refuses, ICANN should redelegate the .com and .net zones to registries that are more willing to follow the DNS standards," Hoffman said.
VeriSign has asserted that i-Nav supports IDNs in a manner consistent with IDNA.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...