Security threats Toolkit

Icann gives green light to non-Latin URLs

Tags:
Cyrillic,
Arabic,
Chinese,
TLD

Tom Espiner ZDNet UK

Published: 30 Oct 2009 17:10 GMT

Icann has given approval for the use of non-Latin characters in top-level domains, opening the door to Chinese, Arabic and other alternatives to web extensions such as .com.

The body, which oversees the internet domain name system, announced on Friday that it has voted to institute a fast-track process for internationalised domains (IDNs). Icann said the move will allow people to create web addresses that are in their own language from beginning to end, and that can include accent marks.

"The coming introduction of non-Latin characters represents the biggest technical change to the internet since it was created four decades ago," said Peter Dengate Thrush, chairman of Icann (the Internet Corporation for Assigned Names and Numbers), in a statement. "Right now, internet address endings are limited to Latin characters — A to Z. But the fast-track process is the first step in bringing the 100,000 characters of the languages of the world online for domain names."

The fast-track process, which was approved at the end of an Icann conference in Seoul, will open on 16 November for applications from countries wanting a domain that reflects their name.

"This is only the first step, but it is an incredibly big one and an historic move toward the internationalisation of the internet," said Rod Beckstrom, Icann's chief executive, in a statement. "The first countries that participate will not only be providing valuable information of the operation of IDNs in the domain name system, they are also going to help to bring the first of billions more people online — people who never use Roman characters in their daily lives."

The process to include non-Latin characters has taken over a decade to come to fruition — the issue of IDNs has been under consideration by Icann since the organisation's inception in 1998. The work has gone through several drafts, dozens of tests and an "incredible" amount of volunteer development over the years, according to Tina Dam, Icann's senior director for IDNs.

The introduction of domains with non-Latin characters could give cybercriminals more of an opportunity to spoof URLs, security vendor Sophos warned.

"There may be the potential for users to get confused as to which site they are visiting," said Graham Cluley, senior technology consultant at Sophos. "There may be font issues, similar to [people] having difficulties telling the difference between a number '1' and a capital letter 'I'."

Nora Nanayakkara, director of business development at registrar Domain Name Marketplace, said security measures would have to be taken by Icann to mitigate the risks of phishing attacks against users.

"For example, the incidental difference between BankofAmerica.com [and] BánkofAmerica.com would be a prime opportunity for cybercriminals to take advantage of the average web user," said Nanayakkara in a statement. "If measures are promptly put in place to minimise such problems, the greater good of IDNs will prevail."

Nanayakkara added that Icann will now need to ensure the domain infrastructure is upgraded so it can handle multiple scripts smoothly.