Home / Blogs

Do We Really Need IDN?

Jason S

James Seng has quoted that Korea, China and Japan must have IDN (Internationalized Domain Name) service. His statement may appear as above mentioned countries desperately need for IDN services because there are no alternative. However, there have already been well established local Internet address providers since quite some time.

Currently, there are local Internet address (multilingual keyword type) service providers such as, Netpia, 3721 and JWord in Korea, China and Japan respectively. 3721 and JWord are providing Internet address service through their client s/w and Netpia, through ISP server (DNS) and their client s/w. Common ground for these three companies are that 1) in keyword format where they do not allow prefixes and suffixes, 2) in local language. Also, IDN services were once offered through VeriSign, however, inconvenience of having 1) long address format, 2) switching character-set while typing address, and 3) downloading client s/w has created confusion to end-users and lost its popularity. Nevertheless, multilingual keyword type of address was implemented even before IDN service that end-user stuck with shorter version of Internet address.

Based on the statistics of December, 2004, there are 450,000 multilingual keyword address registered and getting 50,000,000 keyword queries per day in China, and 20,000,000 client s/w downloads in Japan and 1,000,000 registrations and 32,000,000 queries per day in Korea. As you could notice easily from China and Korea's number, multilingual Internet address has become a de Facto standard in both countries that IDN could be alternative, not a critical need at this time.

Last winter, many people might have heard and read articles regarding phishing attacks that was caused by IDN that Mozilla has even announced they will remove IDN functions from FireFox. IE was the only browser that did not have the same problem because they did not implement IDN functions on their browser.

In addition IDN could;

1) bring weakness in stability of security

2) have incompleteness as Internet address

3) re-write already built and successful infrastructure of multilingual Internet address and create even more confusion

Microsoft had sore experience of security instability problem on their IE. Also, they could fall into yet another law suit from multilingual keyword providers like Netpia, 3721 and JWord if they implement the IDN service on IE. Well, time will tell what the next move of Microsoft is. 

By Jason S
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Re: Do We Really Need IDN? Suresh Ramasubramanian  –  May 05, 2005 8:04 AM PDT

Keywords are a fairly non standard way to go about the entire thing.  And your entire argument seems to be that IDN has some issues - which are being worked on by the way - and that people who are selling keyword based domains are going to sue, if they find IDN becoming a standard?

I look forward to a more detailed and reasoned experience on why you feel keywords are much more effective than IDN

Re: Do We Really Need IDN? James Seng  –  May 06, 2005 6:23 PM PDT

Pls do not put words in my mouth. If you want to use my quotes, please quote what I said exactly. And I never say anything to the effect there is no alternatives.

Netpia would certainly not benefit if & when Microsoft implement IDN i am sure. But your arguments here are no more then 'it is insecure' and 'i will sue'. 

Protecting your own turf, fair enough, in the commercial world. But in the world of public interest, a little competitions benefit everyone else.

Re: Do We Really Need IDN? James Seng  –  May 06, 2005 7:01 PM PDT

Ah, I got asked who you work for by a few people - I realized you didn't say it outright in your profile.

Why hide? You work for Netpia, the largest keyword provider for Korea. Your boss is Kangsik Cheon, the WGIG member who is responsible for extremely badly written IDN paper.

Re: Do We Really Need IDN? Suresh Ramasubramanian  –  May 06, 2005 7:09 PM PDT

not the first time people try to use a public forum like circleid for amateurish PR efforts

won't be the last either

unfortunately

Re: Do We Really Need IDN? Ram Mohan  –  May 08, 2005 2:07 PM PDT

This is a poorly researched article that invokes traditional FUD (Fear, Uncertainty, Doubt) rather than offer anything concrete.

Yes, keywords are cool.  They are not a substitute for a domain name.  The DNS providers have to implement special software, and/or clients have to download special stuff onto their computers.  None of the "multilingual Internet address keyword" works from my computer here in Philadelphia.  The Chinese .CN domain name I go to works without any problem on my computer.

This article is bereft of sufficient technical merit to be responded to in a technical manner.  At most, it's a statement of commercial and political opinion - which I respect your ability and right to say.

Re: Do We Really Need IDN? Suresh Ramasubramanian  –  May 08, 2005 5:40 PM PDT

Circleid is not a place for articles without technical merit that are posted only to spread FUD or score political brownie points.

"Jason S"'s commentary is totally out of place, and as he works for a large keyword provider but doesnt seem to be open enough about this in his member profile, I'd say it just doesnt belong on circleid.

Ram Mohan wrote:
> This article is bereft of sufficient
> technical merit to be responded
> to in a technical manner. At most,
> it's a statement of commercial and
> political opinion - which I respect
> your ability and right to say.

Re: Do We Really Need IDN? Ebina Cho  –  May 08, 2005 6:18 PM PDT

Whoever they might be and what their intentions might be, your replies are very disappointing. I strongly believe that this is not a place for praising IDN in which any opinion against IDN is considered PR. To fullfill "pulic interest" about IDN could be done by productive discussion not by attacking other's privacy breaking codes of conduct.

Re: Do We Really Need IDN? Suresh Ramasubramanian  –  May 08, 2005 6:31 PM PDT

> this is not a place for praising IDN in
> which any opinion against IDN is considered
> PR.

Oh, there are lots of ways you can express opinions against IDN, by presenting reasoned technical arguments. The arguments in this circleid article were neither reasoned nor technical. 

Further, in the spirit of full disclosure, articles that criticize something, when written by someone who provides a competing technology, must be accurately signed.  "Jason S" doesn't give his surname, and beyond saying that he is assistant to a WGIG member, does not inform us that he works for Netpia.or that his boss is the COO there.

Re: Do We Really Need IDN? James Seng  –  May 08, 2005 7:24 PM PDT

CircleID published the homographs attacks on IDN and altho it is a big blow to those who wanted IDN, it was well-recieved and the technical community responded with technical solution. The point is the article is no more the FUD ("I will sue Microsoft!").

And in a discussion of policy making for public interest (in this case on IDN), anonymity (he has his picture up there btw) is a not well-received, especially if the 'informant' has a vested commercial interest in the outcome.

This is not a case where the he has a reason to be anonymous to say what he wants for public interest. - in fact he has a reason to be anonymous to say what he wants for his private interest. That to me is a big difference.

Re: Do We Really Need IDN? Ram Mohan  –  May 08, 2005 9:16 PM PDT

>To fullfill "pulic interest" about IDN could be done by productive discussion not by attacking other's privacy breaking codes of conduct.

This is not an issue of "breaking privacy" or "codes of conduct".  Jason S was deceptive in his article and about his interests.  This is not a serious article, just a political opinion.

There's no "public interest" in praising keywords and damning IDNs, especially after you don't disclose that you or your employer makes $$$ from keywords.

Re: Do We Really Need IDN? Ebina Cho  –  May 08, 2005 9:38 PM PDT

In regard to Mr. Suresh Ramasubramanian's reply:

Full disclosure is a philosophy of security management. Full Disclosure means "Full details of the vulnerability are disclosed to the public", often through Bugtraq, Secunia, Full-Disclosure or other sites.

The theory behind full disclosure is that releasing vulnerability information immediately results in quicker fixes and better security. Fixes are produced faster because vendors and authors are forced to respond in order to save face.

Full disclosure came to life after it became clear that the method employed by CERT did not work out as intended and it was rumored that CERT had a policy of providing advance information on vulnerabilities to some organizations and government agencies, which pay for this privilege. In the meantime, the vulnerabilities were actively exploited by hackers.

Researchers were angered and insisted that the vulnerabilities must include full-disclosure of "the details of the vulnerability" and this is the spirit of Full Disclosure -nothing to do with "Privacy Disclosure" things.

Just wanted to comment "technically" as a network security consultant. ;)

Re: Do We Really Need IDN? Suresh Ramasubramanian  –  May 09, 2005 12:44 AM PDT

Ebina - yes, thanks. I'm aware of the full disclosure list and its history. And I do find it useful to lurk on that list .. however that's completely besides the point here.

Would "transparency" and "declaration of vested interests in a debate" be terms that are more acceptable to you in this context?

To post comments, please login or create an account.

Related

Topics

DNS Security

Sponsored byAfilias

Whois

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

Cybercrime

Sponsored byThreat Intelligence Platform

IP Addressing

Sponsored byAvenue4 LLC

New TLDs

Sponsored byAfilias

Domain Names

Sponsored byVerisign