Skip to main content

Blog

  • Reputation Block Lists: Protecting Users Everywhere

    Cybercrime is a constant problem. What many Internet users don’t know is that the vast majority of users are being protected all the time by Reputation Block Lists (RBLs). RBLs are built into the Internet services we all use every day to keep harmful material out of your...
  • Eastern Europe Cybersecurity Tour, Redux

    Hero1 eastern europe cybersecurity tour 3600x2025 23oct17 en
    From 9-15 October, I spent a busy week of Global Stakeholder Engagement (GSE) cybersecurity engagements in Budapest and Visegrád, Hungary and Minsk, Belarus. Gabriella Schittek and I met in Budapest with representatives of the Hírközlési Tudományos Egyesület (HTE), the...
  • A “Key” Milestone in Protecting the DNS

    A significant milestone has been reached in ICANN’s ongoing effort to change the cryptographic key that helps protect the Domain Name System (DNS). On 11 July 2017, the new DNSSEC Key Signing Key (KSK-2017) appeared in the DNS, marking the first time a new key has been...
  • ICANN's Open Data Initiative Early Pilot Platforms Now Available

    Hero1 odi pilot 750x583 27jun17 en
    'Open data is publicly available data that can be universally and readily accessed, used, and redistributed free of charge. It is structured for usability and computability.' -'The Global Impact of Open Data,'by Andrew Young and Stefaan Verhulst Today, ICANN is pleased to...
  • The Dark Web: The Land of Hidden Services

    Hero1 dark web 225x175
    According to Internet Live Stats, the World Wide Web passed the one billion website benchmark in 2014 and is still hovering around that figure. The publishers of these billion websites compete for search engine relevance and the attention of nearly 3.6 billion Internet...
  • M3AAWG Appoints Dr. John Levine Liaison to ICANN

    The Messaging, Malware and Mobile Anti Abuse Working Group (M3AAWG) recently appointed Dr. John Levine Liaison to ICANN. The ICANN organization welcomes this appointment and thanks M3AAWG's Board of Directors for this decision. This appointment will allow the portion of...
  • Ways of Trusting Internet Identifiers

    Recent news that Google's Chrome browser is going to trust Symantec-issued transport layer security (TLS) certificates less than those from other certificate authorities (CAs) has reignited debates about how trust is expressed to Internet users. Certificates for TLS are...
  • The Three Pillars of ICANN’s Technical Engagement Strategy

    Hero1 technical enagement strategy 750x500 21mar17 en
    ICANN's technical engagement team was established two years ago. Since then, we have made a great deal of progress in better engaging with our peers throughout the Internet Assigned Numbers Authority (IANA) stewardship transition proposal process and currently during the...
  • What Is Ransomware?

    Hero1 ransomware anatomy of an attack
    Ransomware is a cyberattack (a virus) that is used to extort money. Originally, criminals used ransomware to extract payments from individuals for the recovery of personal information. Today, cyberattackers extort payments from businesses for the recovery of sensitive...
  • Tech@ICANN58: Your Roadmap to Copenhagen's Technical Sessions

    As we start our meeting here in Copenhagen with a packed agenda, I would like to share with you some of the key sessions that have a more technical focus. I hope that this will be useful to newcomers with a technical background, so they can easily find their way...
  • Cybersecurity Topics on a Whirlwind Tour of Eastern Europe: Take 2

    Hero1 dp eednsf 1500x1000 14dec16 en
    Dave Piscitello presenting at the Eastern European DNS Forum in Kiev, Ukraine. During the first weeks of December 2016, I continued a series of Identifier Systems Security, Stability and Resiliency (IS SSR) team and Global Stakeholder Engagement (GSE) cybersecurity...
  • What Is a DNS Covert Channel?

    Hero1 blog dns covert channel 08dec16 en
    In the first part of our covert channel series, I explained that a covert channel is an evasion or attack technique used to transfer information in a secretive and typically unauthorized or illicit manner. I also explained how one could create a covert channel using the...
  • ICANN Kicks Off Open Data Initiative Pilot

    ICANN has begun a pilot project to introduce an Open Data Initiative for ICANN-generated data. Various ICANN activities produce data related to ICANN’s mission of coordinating the Internet’s system of unique identifiers, including domain name system operations, domain...
  • Research Revealed on Authoritative Servers at the Second Level

    ICANN is interested in the infrastructure supporting the identifiers that we help coordinate, and the Domaine Name System (DNS) has a wide variety of infrastructure. There has already been a fair amount of research about the root servers and the Top-Level Domains (TLD)...
  • KSK Rollover Operations Begin

    Hero1 ksk rollover operations 750x514 27oct16 en
    Today, ICANN created a new root zone key signing key (KSK). This new cryptographic public/private key pair was made during the quarterly Root KSK Ceremony at our secure key management facility in Culpeper, Virginia. With this key generation, the initial operational phase...
  • ICANN57: A Real-Life Audio-Video Disaster Recovery Story

    Very few people realize what it actually takes to make an ICANN meeting run smoothly from the Network Operations Center backroom, where the InfoTech team orchestrates its magic with high energy. You’ve probably experienced the excellent remote capabilities to encourage...
  • Universal Acceptance Compliance at ICANN

    Hero1 universal acceptance compliance 750x350 10oct16 en
    Universal Acceptance ensures that all domain names and email addresses can be used by all Internet-enabled applications, devices and systems. It is essential for the continued expansion of the domain name system and provides a gateway to the next billion Internet users....
  • Sharing Links Over Email: Security @ ICANN

    Many of you have read earlier posts by our CIO Ashwin Rangan regarding our ongoing improvements to ICANN's overall cybersecurity. This is a brief update on some recent security changes we've made to email services, some of which will be noticeable to many in the ICANN...
  • News from Identifier Technology Health Indicators (ITHI)

    ICANN recently organized an ITHI workshop in its Washington DC office on September 7th. We had 18 participants, 11 of them from the community, representing a variety of stakeholders: DNS operators, registry operators, registrars, ISPs, content providers, government, etc....
  • What Is an Internet Covert Channel?

    Hero1 covert channel 28aug16 en
    A covert channel is an evasion or attack technique that is used to transfer information in a secretive, unauthorized or illicit manner. A covert channel can be used to extract information from or implant information into an organization. An Internet covert channel is the...
  • DNSSEC: Rolling the Root Zone Key Signing Key

    Hero1 ksk rollover 750x480 en
    ICANN today posted plans to update or "roll" the Root Zone Key Signing Key (KSK), marking another significant step in our ongoing efforts aimed at improving the security of the Domain Name System (DNS). The KSK rollover plans were developed by the Root Zone Management...
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."