Internationalised Domain Names (IDNs) - Consultation
From
: Saoirse
Received: 11 December 2007

Dear Sir / Madam,

With regard to the potential future implementation of Internationalised Domain Names (IDN) into the .nz domain name space.

I would firstly like to address points made in previous submissions.

1. Comments made by the New Zealand Bankers Association and their primary concern of IDN being used for typographical / homographic attacks.

This is mainly a browser issue. For example at this point in time Firefox does not display unicode characters (Characters that are not ASCII or what we know as the letters A - Z) IDNs are converted to their punycode equivalent and are displayed in the URL bar as such. So using the example provided by the New Zealand Bankers Association ~ ?sb.co.nz this would in fact be displayed as xn--sb-cla.co.nz. This is a Firefox precaution to avoid the so called phishing attempts that were made a few years ago. It is possible to configure Firefox to display native characters but this is not something that an ordianary internet user would be aware of or know how to do it.
Internet Explorer 7 on the other had will display native characters as they were meant to be seen and this is a step in the right direction. A step closer to giving those who do not use ASCII characters exclusively in everyday life or in fact do not use ASCII characters at all.
Education of those who use the internet is the way forward on this matter. Those using financial based websites should be made aware that these sites should be using SSL certificates and should be advised as to how to check if said websites are SSL enabled.

I would also like to add that homograph / typograph attacks and cyber squatting are not unique to IDN. It is entirely possible to carry out this fraudulent activity using the letters A - Z and the hyphen.
Some examples would be:
http//merriam-vvebster.com (That is not actually the letter W ~ it is the letter V repeated twice) lreland.com (The first letter of Ireland in this case is not actually the letter i ~ It is the lower case letter L) And so on. It may be of interest to note that Maori IDNs are avaiable for registration in .com and .net and have been for a number of years (See notes on this below)

As for cyber squatting ~ Denying the implementation of IDN for this reason is not a solution to the problem. Cyber squatting is not unique to IDN and therefore the concern is not really a valid one.

2. Points raised by Nate Walker
For his concerns raised regarding browser support see above.

With regards to everyone being able to type in Maori that is not really the issue at hand. Not everyone is able but there are according to the 1996 census, 26% of people who are able to manage this. 26% is quite a large number and if Maori speaking people are aware that IDNs are available then I am sure it would encourage more to use an IDN enabled internet. It's not really a concern if you or I can't type in Maori, the concern is giving Maori speaking people the opportunity to do so themselves. For concerns with email see above
I should add that those using Internet Explorer are being sent browser update reminders to upgrade their browsers from previous versions to the IDN capable Internet Explorer 7. This is being rolled out in stages so those in NZ may or may not have received these updates yet but many countries across the world have. With IE7 having a large share of the browser market this means many people across the globe will have IDN enabled browsers and in fact many already do.
It is only a matter of time before those who supply email services follow suit and make their services IDN compatible.

While I understand Maori uses a mixture of ASCII and macronised vowels, in a similar sense Spanish, French etc also use this mixture of ASCII and non ASCII characters so it is very unreasonable to expect the internet to remain purely ASCII based on this concern. At this moment in time email is not IDN compatible but this will change with time as more and more people whose language is not English or not exclusively English become aware that domain names are available in their native script. While understandable I think the concern is somewhat misplaced as to deny native Maori characters based on this would not be a reasonable step to implement.

As for the technical issues of implementing IDN into the root. ICANN have already satisfied themselves that this is not a difficult task. Many tests were run under laboratory conditions to ensure that IDNs would do no damage to the internet as a whole. These, if need be said were successful and in fact IDNs were inserted into the root live successfully and caused no doomsday scenario.

On a related not it may be worth noting that other countries have already taken the step towards making their ccTLs IDN compatible. China and Japan are two that spring to mind. Now, if a language as complaicated as Chinese with maybe 60,000 different characters can implement this then I can see no reason for not doing the same in any country that has a native population that speaks a language other than English and not to do so would be a step backward when all around are doing it with a large degree of success.

ICANN are and have been working on IDN implementation for some time and IDNs are now a fact of life. The simple fact is that at this moment it is possible to register Maori domains in the .com and .net domain name extension and has been for a number of years. I see no sudden outbreaks of typographic or homograph attacks and so this would seem to nullify those concerns. To deny characters that are part of the Maori language in the .nz namespace would seem pointless seeing as these are already available in .com and .net.

One further thing I would like to mention with regards to characters that are not part of a language as such. characters like and and other non language related unicode symbols. It would seem that while these characters used to be allowed for registration in the .com and .net namespace they no longer are so it is my opinion that ICANN will or are phasing them out, although there is no official confirmation of this. It is also my opinion that there is no practical need for such unicode characters in URLs and so do not see the point of allowing them in the namespace

If anyone would like to contact me for further discussion regarding IDN then you can do so at: infolinks [at] gmail.com (remove [at] and replace with @)

Saoirse