The IDN Market ...

The IDN market is experiencing tremendous growth as countries like China and Korea relax their hold on their citizens and allow them to access the internet. Cheaper computers and technology...

Defining Punycode...

Punycode is an important component to International Domain Names. Puny code dictates how Unicode characters are placed in ASCII character strings. Unicode, an industry standard, allows computers...

Why IDN...?

Many types of domains practically scream that they can make you money, but IDNs are rather conservative as their use is still very new. The potential for decent profit, though, is very real...

Advertisements
Resources
Punycode

Punycode is an important component to International Domain Names. Puny code dictates how Unicode characters are placed in ASCII character strings. Unicode, an industry standard, allows computers to manipulate text in most of the world’s alphabets and writing systems. An IDN will have the “xn- -“ placed before it and all non-ASCII characters removed. Puny code figures out which characters these were, where they were placed and then adds the information to the end of the string. Thus, a URL written in Russian is re-coded into English letters so that a browser can know exactly where to go to access the site that was typed in the browser bar in Russian. Thanks to an option used by Google and other search engines, once you find the site you’ll have an option to translate it directly from your search.

As with any new computer development, IDNs presented some unique problems. Since it allowed the full Unicode names to be used by websites it make it very easy to create a fake website that looked exactly like a legitimate one, down to the domain name and certificate of security. Anyone that wanted to steal someone’s private information could create a site that mirrored the appearance of a bank, for example, redirecting that person from their own bank’s site to the spoof site. This loophole had nothing to do with technical faults but was because characters could look the same in different languages. These characters are called homonyms, homoglyphs or homographs. Before IDNs were introduced the problem was foreseen and registries received guidelines to reduce or avoid the problems. By accepting only the Latin alphabet and that of their own country, not all of Unicode, a website can protect themselves from spoofing. Mozilla, for example, enabled IDN support but showed only punycode URLs, thwarting spoof attempts but still enabling people to access domains with IDNs.

The latest versions of browsers, including Microsoft’s IE8, usually warn of a possible homograph attack by displaying the web address in the browser bar using punycode instead of Unicode characters. If you are using IDNs, it’s wise to check the address bar after loading a page to see if the website’s address appears as punycode. If so, this means only that it is possible that you’ve been directed to a phishing site, not that you have actually arrived at one. The ie8 browser has many added security features to address the risks of IDNs, including a phishing filter as well as international domain name spoofing protection. Users can also turn off the IDN option should they wish to.