By ANICK JESDANUN, AP Internet Writer
Concerns about "phishing" e-mail scams will likely delay the expansion
of domain names beyond non-English characters, the chairman of the
Internet's key oversight agency said Friday.
Vint Cerf, head of the Internet Corporation for Assigned Names and
Numbers, would not speculate on when such characters might appear but
said Internet engineers must now spend time "trying to winnow down,
frankly, the number of character (sets) that are allowed to be
Demand for non-English domain names is high outside the United States
and a U.N. panel studying Internet governance said in a report
Thursday that "insufficient progress has been made toward
multilingualization." It cited the lack of international coordination
and technical hurdles as among the problems.
Officially, the Internet's Domain Name System supports only 37
characters -- the letters of the Latin alphabet, 10 numerals and a
But in recent years, in response to a growing Internet population
worldwide, engineers have been working on ways to trick the system
into understanding other languages, such as Arabic, Chinese and
Engineers have rallied around a character system called Unicode.
But security experts warned earlier this year of a potential exploit
that takes advantage of the fact that characters that look alike can
have two separate codes in Unicode and thus appear to the computer as
different. For example, Unicode for "a" is 97 under the Latin
alphabet, but 1072 in Cyrillic.
Subbing one for the other can allow a scammer to register a domain
name that looks to the human as "paypal.com," tricking users into
giving passwords and other sensitive information at what looks like a
legitimate site. It's much like how scammers now use the numeral "1"
sometimes instead of the letter "l" to trick users.
"In some of the early tests, ... it became clear we had opened up the
opportunity for registering very misleading names," Cerf said in a
conference call wrapping up ICANN's meetings this week in
Luxembourg. "This kind of potential confusion leads to parties going
to what they think are valid Web sites."
Cerf said it may be possible to proceed with character sets that
aren't at risk of confusion as the standards-setting Internet
Engineering Task Force tackles the broader security concerns with
Tests of non-English characters have been going on for years, and in a
few cases they are fully operational. Last year, operators of the
German ".de" domain began offering 92 accented and other special
characters, including the umlaut common in German names.
But ICANN has yet to approve domain names entirely in another
language; all addresses now must end with an English string such as
Copyright 2005 The Associated Press.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. Listen to AP News Radio and view their stories at
http://telecom-digest.org/td-extra/AP.html. No login nor registration
[TELECOM Digest Editor's Note: I think people who are more familiar
with other language sets should be allowed to use them on the net;
instead of stalling on the development of these things, in order to
make the internet as useful as possible in _all countries_ of the
world and not just the _English speaking countries_, Vint Cerf is
claiming that there are likely to be misunderstandings by Americans
(in what is presented) which will lead to more scams, etc. Of course,
ICANN (read, Vint Cerf) won't make any changes in the contracts we
all were forced to sign in order to be able to use this damn system;
they could write severe punishments, i.e. ex-communication, into their
contracts, but they refuse to do that as well. So guys, if the English
language subset is not all that familiar to you, don't expect any
improvements anytime soon. I feel those domains -- such as 'de' which
are not subject to ICANN should go right ahead and do as they please.