ICANN raises concerns over VeriSign IDN change

Jan 07, 2003

The Internet Corporation for Assigned Names and Numbers (ICANN) on Tuesday expressed concerns regarding a service launched last Friday by VeriSign designed to handle internationalized domain names (IDN).

According to ICANN, “some commentators” are worried that the VeriSign service is using technology that is contrary to Internet Domain Name System (DNS) standards to respond to DNS address requests containing non-ASCII characters, the group said in an advisory posted on its Web site.

“In response to these expressions of concern, ICANN has requested the advice of the Internet Architecture Board, which is responsible for providing oversight of the architecture for the protocols and procedures used by the Internet, on the changes announced by VeriSign Global Registry Services (VGRS),” ICANN said.

The DNS was designed to support 38 English-language ASCII characters, but international domain names draw from the non-ASCII 96,000-character Unicode repertoire. Domain names in languages other than English must therefore be encoded in ASCII for transmission across the DNS in order for them to work.

In October, the IDN working group of the Internet Engineering Task Force (IETF), a standards-setting body, released a first mechanism, called Internationalizing Domain Names in Applications (IDNA), that seeks to handle internationalized domain names in a standard fashion by allowing non-ASCII characters to be represented using only ASCII characters. The IETF group is also represented in ICANN’s IDN committee.
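The encoding step described above can be reproduced with Python's built-in `idna` codec, which implements IDNA as specified in RFC 3490. This is an added example, not code from the article, VeriSign or the IETF; the sample name and the candidate character sets are constructed. The last function shows why a receiver handed unencoded non-ASCII bytes has to guess the sender's character set.

```python
import string

# Letters, digits and hyphen: the ASCII characters a host name label may use.
LDH = set(string.ascii_lowercase + string.digits + "-")


def to_ascii(domain: str) -> str:
    """Client-side step: encode each label with Python's built-in 'idna'
    codec (IDNA per RFC 3490: nameprep, then Punycode with an 'xn--' prefix)."""
    return domain.encode("idna").decode("ascii")


def to_unicode(ascii_domain: str) -> str:
    """Reverse step, used when displaying the name to the user."""
    return ascii_domain.encode("ascii").decode("idna")


def is_ldh(domain: str) -> bool:
    """True if every label is non-empty and uses only letters, digits, hyphen."""
    return all(lbl and set(lbl.lower()) <= LDH for lbl in domain.split("."))


def readings_of_raw_bytes(domain: str, sender_encoding: str, candidates):
    """What a receiver could make of the name if it arrived unencoded, in
    whatever character set the sending application happened to use."""
    wire = domain.encode(sender_encoding)
    readings = {}
    for enc in candidates:
        try:
            readings[enc] = wire.decode(enc)
        except UnicodeDecodeError:
            readings[enc] = None  # byte sequence is not valid in this encoding
    return readings


if __name__ == "__main__":
    name = "bücher.example"  # constructed sample name
    encoded = to_ascii(name)
    print(encoded, is_ldh(encoded), to_unicode(encoded))
    # Same bytes on the wire, different results depending on the guess.
    print(readings_of_raw_bytes(name, "latin-1", ["utf-8", "latin-1", "cp1251"]))
```
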

In announcing its new service, VeriSign said that because IDNA calls for changes to individual applications to support IDNs, it had developed a free plug-in, called i-Nav, for Microsoft’s Internet Explorer browser that encodes foreign domains into ASCII.

Through its registry contracts, VeriSign operates what it calls “the definitive database” of over 27.3 million Web addresses in .com, .net, and .org on “a platform that is the world’s de facto standard in DNS registry services.”

Whereas a browser requesting a non-ASCII domain traditionally returns an error message, VeriSign has changed the behavior of the authoritative name servers for the “.com” and “.net” zones (the name servers that are capable of replying to all the domain name queries that can reasonably be addressed to them) to return a “positive” answer that leads to a page on the VeriSign Web site promoting the i-Nav plug-in.

ICANN’s letter to the Internet Architecture Board quoted a message received on Jan. 5 from Paul Hoffman of the Internet Mail Consortium, outlining his concerns with the VeriSign service.

Hoffman claims that there are a number of technical problems with the change that, at its heart, undermines IDNA by adding a “guessing” element to the process.

“VGRS makes wild guesses about what the user wanted, some of which are very clearly impossible. Worse yet, they do not include all of the legal guesses that they could have made,” Hoffman said.

IDNA, which is designed to avoid such guessing, is on the verge of being recommended as a standard by the IETF, and VeriSign should be compelled to adhere to that standard, Hoffman said.

“ICANN should demand that (VeriSign) immediately stop giving incorrect answers to any query in .com and .net, and should instead follow the IETF standards. If VGRS refuses, ICANN should redelegate the .com and .net zones to registries that are more willing to follow the DNS standards,” Hoffman said.

VeriSign asserts that i-Nav supports IDNs in a manner consistent with IDNA.