Recently, we were thinking about purchasing new domain names for Imperva’s web site in languages other than English. This was a trigger for me to do some reading on ICANN’s International Domain Names (IDNs). Although I was already familiar with the general IDN concept, I knew that it is an evolving standard and I wanted to go back and re-examine the potential impacts on our WAF product. I didn’t find anything too interesting, but I did come to understand that there are some major security implications associated with this standard. More importantly, no one has yet taken real responsibly for dealing with them.
But before I get into that, here’s a crash course in IDNs for those of you who are not familiar with the concept:
1. International domain names are becoming more and more available as more registrars and ISPs are implementing the IDN standard, which allows registering domain names that include non-ASCII characters.