Universal Acceptability

The Public Suffix List & IDN Whitelist
            Jothan Frakes
           Mozilla Foundation

           ICANN 41, Singapore
Universal Acceptability

•  “Domains should just work”
  –  This is not just a matter of Registry/Registrar/
     Registrant + DNS + a little advertising
•  “My TLD will just work” is an unsafe
   assumption
  –  2001 round .INFO and .MUSEUM - TLD Length >3
     exposed some issues, tip of iceberg
  –  25 years of ‘static’ root zone (for lack of better term)
     has driven oversimplified TLD logic
Universal Acceptability

Think about the people who build things for
people that will use your domain
•  Who are they?
•  What do they need from you?
  –  SRS Complementary Services (Whois clients’ awareness of
     TLD and server, etc.)
  –  Application Developers (Browsers, email clients, etc.)
  –  Supplemental Service Providers (Hosting Companies,
     Certs etc.)
  –  Anti-Spam and Security, Programming Languages, Etc.
Universal Acceptability

•  ICANN is working on Universal
   Acceptability
  –  Outreach ongoing
  –  Even so, anticipate that it remains your opportunity to do
     this for your community
•  Do what you can within your community
  –  Technical Seminars
  –  FAQs, White Papers, Clear Documentation
  –  Participate in industry events
Universal Acceptability

•  Outreach and Awareness
  –  Seek out those with questions
  –  Clarify wherever possible
     •  Blog Posts
     •  Forums
     •  Mailing Lists


•  Locate central comprehensive data
   resources
  –  Public Suffix List
  –  Net::DRI
Universal Acceptability

YOU can help with Universal Acceptability

Two important community initiatives

•  Mozilla / community Initiatives
  –  Public Suffix List
  –  Mozilla IDN Whitelist
The Public Suffix List

Community-Driven Universal Acceptability
The Public Suffix List (“PSL”)

             http://publicsuffix.org
What Is it?
•  PSL is a list of all known
   public suffixes
  –  Factors in all levels under which Internet
     users can register or obtain delegations.
  –  Some examples of public suffixes are ".com", ".co.uk"
     and "pvt.k12.wy.us", where the IANA list would have
     ".com", ".uk" and ".us".
  –  Complementary to the IANA list of TLDs, adding
     depth/detail to it
The Public Suffix List (“PSL”)
IANA List (http://data.iana.org/TLD/tlds-alpha-by-domain.txt)
  ...
  AF
  AG
  AI
  AL
  AM
  AN
  ...

Public Suffix List (http://publicsuffix.org)
  ...
  // af : http://www.nic.af/help.jsp
  af
  gov.af
  com.af
  org.af
  net.af
  edu.af
  // ag : http://www.nic.ag/prices.htm
  ag
  com.ag
  org.ag
  net.ag
  co.ag
  nom.ag
  // ai : http://nic.com.ai/
  ai
  off.ai
  com.ai
  net.ai
  org.ai
  // al : http://www.ert.gov.al/ert_alb/faq_det.html?Id=31
  al
  com.al
  edu.al
  gov.al
  mil.al
  net.al
  org.al
  // am : http://en.wikipedia.org/wiki/.am
  am
  // an : http://www.una.an/an_domreg/default.asp
  an
  com.an
  net.an
  org.an
  edu.an
  ...
The Public Suffix List (“PSL”)

Where did it come from?
•  Designed to aid browsers
  –  Founded in 2007 by Jo Hermans
•  Practical application rapidly grew its use
  –  Now maintained with Mozilla, by community and
     core group of volunteers
The Public Suffix List (“PSL”)

Where is it used?
  It is used by (at least):
      Browsers: Firefox, Chrome, Opera, others;
      Languages: Google’s Java libraries;
                      regdom-libs for C, Perl, and PHP;
                      Nokia QT, Ruby on Rails,
                      JavaScript - Greasemonkey, many others.

  Other Software and Services:
  Operating Systems – Hosting Companies –
  Statistics Providers – Anti-Spam – Security
  Services – Certification Providers – CRM Systems –
  Law Enforcement Agencies – Form Validation
  + Many, Many More
The Public Suffix List (“PSL”)

How can I view it?
  You can view it at http://publicsuffix.org/list/ (click
  the link that says “See the list”).


How can I update or add my IANA listed
TLD or sub-delegation registry?
  To make amendments to the list, please visit this site:
  http://publicsuffix.org/submit/
  Note: Requests go through a distributed approval process before implementation
The Public Suffix List (“PSL”)

What does it do?
  It allows the rightmost elements of a domain name to be
  validated as a TLD or public suffix.

  It allows browsers to, for example:
     •  Avoid privacy-damaging "super cookies" being set for high-level domain name
        suffixes
     •  Highlight the most important part of a domain name in the user interface
     •  Accurately sort history entries by site
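
The suffix lookup behind these browser uses can be sketched as follows. This is an added example, not code from the presentation or from the Public Suffix List project; the rule excerpt is constructed from the suffixes named on the slides, and the wildcard and exception rules go beyond what the slides show.

```python
# Added example: public-suffix lookup and a cookie Domain check.
# SAMPLE_PSL is a constructed excerpt in the list's file format
# (one rule per line, "//" starts a comment), not the full list.
SAMPLE_PSL = """
// rules named on the slides
com
uk
co.uk
us
pvt.k12.wy.us
af
gov.af
com.af
// one wildcard rule and one exception rule
*.ck
!www.ck
"""


def parse_rules(text):
    """Return the set of rules, skipping blank lines and // comments."""
    rules = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("//"):
            rules.add(line.split()[0].lower())
    return rules


RULES = parse_rules(SAMPLE_PSL)


def public_suffix(host, rules=RULES):
    """Longest matching rule wins; exception rules override everything."""
    labels = host.lower().rstrip(".").split(".")
    best = 1  # implicit "*" rule: an unlisted TLD is a one-label suffix
    for i in range(len(labels)):
        tail = labels[i:]
        name = ".".join(tail)
        if "!" + name in rules:
            # Exception: the suffix is the rule without its leftmost label.
            return ".".join(tail[1:])
        wildcard = ".".join(["*"] + tail[1:])
        if name in rules or (len(tail) > 1 and wildcard in rules):
            best = max(best, len(tail))
    return ".".join(labels[-best:])


def registrable_domain(host, rules=RULES):
    """Public suffix plus one label, or None if host is itself a suffix."""
    host = host.lower().rstrip(".")
    suffix = public_suffix(host, rules)
    if host == suffix:
        return None
    owner_label = host[: -len(suffix) - 1].split(".")[-1]
    return owner_label + "." + suffix


def cookie_domain_allowed(request_host, cookie_domain, rules=RULES):
    """Reject a Domain attribute that is a public suffix (a "super cookie")
    or that the requesting host does not belong to. Browsers also keep a
    host-only cookie when the host itself is a suffix; omitted here."""
    request_host = request_host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().strip(".")
    if public_suffix(cookie_domain, rules) == cookie_domain:
        return False
    return (request_host == cookie_domain
            or request_host.endswith("." + cookie_domain))
```

The same `registrable_domain` result is what a browser would highlight in the location bar and group history entries by.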
The Public Suffix List (“PSL”)

Please review and add or update your
entry

•  Requirements:
  –  Request must come from Registry/Authorized Party
  –  Rightmost string must be IANA Listed
  –  Subdomain Registries are allowed to request listing
  –  Pre-Delegation Exceptions to IANA listed rule:
     •  ccTLD IDN Fast-Track TLDs that have passed String Evaluation phase
          –  (i.e. are listed on “IDN ccTLD Fast Track String
             Evaluation Completion”)
The Public Suffix List (“PSL”)

Take Away This:

As it relates to Universal Acceptability
•  My TLD benefits from being accurately
   represented in the PSL
•  My Community / All Users also benefit
•  Simple: One edit cascades out to many
   applications and developers

Public Suffix List = Good. Go update it now!
Mozilla IDN Whitelist

Internationalization with Curation
Internationalization

[Slide graphic: language names in their native scripts, among them
Afrikaans, Gàidhlig, Norsk, Slovenščina, Shqip, Galego, Soŋay, Հայերեն,
Hrvatski, ქართული, Қазақ, Español, Čeština, Deutsch, Polski, Svenska,
Asturianu, Dansk, Ελληνικά, Kurdî, Euskara, Nederlands, Latviešu,
Македонски, Беларуская, English, lietuvių kalba, Português, ไทย,
Esperanto, Magyar, Luganda, română, Türkçe, Bosanski, Eesti keel,
íslenska, rumantsch, Українська, Brezhoneg, suomi, Bahasa Indonesia,
Русский, Tiếng Việt, Български, Français, Gaeilge (Éire), मराठी, Српски,
Cymraeg, català, Frysk, Italiano, Sepedi, slovenčina, isiZulu, עברית,
عربي, فارسی]

Mozilla Firefox 4.0 is fully localized into over 80 distinct languages
and has over 227,486,079 downloads worldwide and growing!
IDN in Top Level Domains
             “One World, One Internet, Everyone Connected”
    Assuming for this portion that all are familiar with IDN at the top
    level or second level, and the numerous benefits that come for
    communities that need more than just A-Z.

All good, but the benefits of new things can often introduce new
opportunities for bad actors to exploit.

Example:
the well-worn paypal.com written with mixed code points, as a mixed-language homograph

Homographs also possible within single language set
       Æ -> AE         Œ -> OE           DŽ -> DZ

UNLESS registry has policy to avoid the circumstances where there
would be two separate registrations for the visually similar domain.
IDN in the wild and Guidelines v2.2

Not all registries have policies to avoid visually similar
domains from being registered within their IDN
implementations.

Summarizing ICANN IDN Guidelines v 2.2

   “List your allowed characters
   and all else are disallowed”
   Very oversimplified summary. View Full policy here for authoritative detail: http://icann.org/en/topics/idn/implementation-guidelines.htm

•  This still leaves room for homographs
Unicode Technical Reports and Security
Not all registries have policies to avoid visually similar domains from
being registered within their IDN implementations.

Summarizing Unicode TR 36 §2.10.4, item B
      “Publicly document the enforcement policy
      on confusables: whether two domain
      names are allowed to be single-script or
      mixed script confusables”
      Very oversimplified summary. View Full report here for authoritative detail: http://www.unicode.org/reports/tr36/#international_domain_names

•  UTR 36 (http://unicode.org/reports/tr36)
•  UTR 39 (http://unicode.org/reports/tr39)

•  This helps close the door on homographs
Human review of policy, then ‘whitelist’
Where registries have policies to avoid visually similar
domains from being registered within their IDN
implementations.

Unicode TR36 §2.10.3 B,D “Security recommendation for User
Agents” (aka Browsers)
•  Expose Punycode in Location Bar as default behavior unless
   TLD Policy is reviewed and considered for conformity and
   then subsequently whitelisted if approved

This helps visually expose homographs so that general users
  are less likely to be tricked or confused
Mozilla's IDN-enabled TLD list

•  Mozilla maintains such a
   “whitelist” for their projects
  –  Registry submits policies and code points for review.
  –  Until approved, domains display in Punycode

•  Review the qualifications
  http://mozilla.org/projects/security/tld-idn-policy-list.html

•  Add your TLD to the list http://goo.gl/sdpqs
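
The display rule from the last two slides (Punycode by default, Unicode only for a whitelisted TLD) can be sketched as below. This is an added example, not Mozilla's code; the whitelist content is constructed and uses the reserved `example` TLD, and labels are converted with Python's raw `punycode` codec without the full IDNA mapping and validation steps.

```python
# Added example: choose the form of a hostname shown in the location bar.
# SAMPLE_WHITELIST is constructed for illustration, not Mozilla's list.
# Entries are stored as A-labels so IDN TLDs compare as plain ASCII.
SAMPLE_WHITELIST = {"example"}

ACE_PREFIX = "xn--"

# Constructed homograph of the slide's example: the second letter is
# CYRILLIC SMALL LETTER A (U+0430), not LATIN SMALL LETTER A.
HOMOGRAPH = "p\u0430ypal.com"


def to_a_label(label):
    """ASCII-compatible form of one label (xn-- plus Punycode)."""
    label = label.lower()
    if label.isascii():
        return label
    return ACE_PREFIX + label.encode("punycode").decode("ascii")


def to_u_label(label):
    """Unicode form of one label; malformed Punycode stays as typed."""
    if not label.startswith(ACE_PREFIX):
        return label
    try:
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    except UnicodeError:
        return label


def display_host(host, whitelist=SAMPLE_WHITELIST):
    """Return the hostname as the user should see it.

    Every label is first reduced to its A-label. Only when the TLD is on
    the whitelist (its registry's policy was reviewed and approved) are
    the labels turned back into Unicode for display.
    """
    a_labels = [to_a_label(part) for part in host.rstrip(".").split(".")]
    if a_labels[-1] in whitelist:
        return ".".join(to_u_label(part) for part in a_labels)
    return ".".join(a_labels)
```

With the constructed whitelist, `display_host(HOMOGRAPH)` yields `xn--pypal-4ve.com`, which no longer resembles the Latin-only name, while `bücher.example` is shown in Unicode.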
Questions?
Thank you and recognitions




Thank You!

Jothan Frakes,
Volunteer, Mozilla Foundation
Web: http://mozilla.org
PSL: http://publicsuffix.org
blog: http://blog.jothan.com
email: jothan@gmail.com

 With Special Thanks to:
 Everyone in the gTLD and ccTLD community who drive and support IDN if you’re not specifically mentioned.
 The Mozilla Foundation & Gervase Markham, Jo Hermans, Peter Kasting, Ruben Arakelyan, Pamela Greene, David Triendl, Junkshik Shin,
 Brett Wilson, Kevin Bourrillion, Craig Berry, Garry Boyer, Katsuhiko Momoi, Masanori Baba, Yngve Pettersen, Shawn Loveland, Nasser
 Kettani, Tom Mereckis, Michele Subrenard, Martin Duerst, Damon Miller, Tina Dam, Pat Kane, and others from the developer community
 who support and advocate IDN & of course, Kim Davies, and Naela Saras from ICANN – and Many, Many, others!
