From: Martin J. Dürst (duerst@it.aoyama.ac.jp)
Date: Tue Nov 30 2010 - 00:33:03 CST
On 2010/11/30 5:01, Shriramana Sharma wrote:
> On Mon, Nov 29, 2010 at 11:24 PM, Mark Davis ☕<mark@macchiato.com> wrote:
>> By "registry" I mean at any level. So just as .com regulates everything of
>> the form xxx.bom, the entity responsible for .blogspot.com controls
>> everything of the form xxx.blogspot.com. Thus there are literally millions
>> of registries.
>
> Just so that nobody gets frightened and accuses Unicode of making
> security problems for their script -- the above comment only means
> that for all (of the millions of) websites example.com the owners of
> example.com have the power to ensure that XXX.example.com is NOT
> confusable with YYY.example.com. And the .com registry owners have the
> same power to ensure that example.com is not confusable with
> example2.com...
>
> Now the question is, is there only one owner of .com? ICANN? Who?
"Owner" is a difficult term in the context of domain names. If the
question is who is currently in control of .com, then this is easy to
answer. The official list of all the top level registries is at:
http://www.iana.org/domains/root/db/
There you see that VeriSign Global Registry Services is in charge.
http://www.iana.org/domains/root/db/com.html will give you more details.
Ken mentioned registrars, but these are the front ends dealing with
customer service,... Actual control is with the registries. A registrar
can never register something that the registry in charge will not allow.
There are some top level registries that also serve as their only
registrars, and on the other hand, there are some top level registries
that are served by many registrars. .com is of the later kind. I'd think
that because of the popularity of .com, the number of registrars for
.com may easily be the largest for any domain.
A registrar can select to only register a subset of the domain names
offered by the registry they serve (a registrar in India could refuse to
register Greek domain names because they don't understand the Greek
script well enough to provide a good service), but they cannot register
anything that the registry won't allow.
The relationship between ICANN and each registry varies. For some very
new registries, ICANN has a strong control via contracts that they set
up when they agreed to the creation of that domain. For some others,
they are just giving advice. This applies to most country code top level
domains, and also to very traditional domains such as .com.
> If this entity chooses to enforce confusables (does it?) then
> *wherever* a domain is registered it cannot be confusable with an
> existing domain name? To be precise, if my old example of ಅರಗ.com is
> registered in India, then అరగ.com cannot be registered *anywhere in
> the world*?
Yes, of course. The domain name system is global. Each domain (starting
with what you could call 0-level domain, which contains the top level
domains) only has one controlling entity. Each domain resolves the same
way all around the world. If something is registered with .com, then as
soon as you register it, e.g. with a registrar in India, it gets
registered in the registry, i.e. with VeriSign.
Because .com is very global in use, when IDNA started (and even before
experimentally), VeriSign was registering domain names in all kinds of
scripts. For a long time, they also allowed registration of mixed-script
names. This lead to the "paypal scare", where a security researcher
registered paypal.com with a Cyrillic 'a'.
While ICANN cannot do much more than provide advice to most registries,
some browser makers (in particular Mozilla) have tried to evaluate the
policy of each top-level registry with regards to internationalized
domain names, and use this to decide whether to show the domain name
with real characters or encoded (using punycode). If you try in Firefox,
you will see that అరగ.com and అరగ.ru show as punycode, but అరగ.jp and
అరగ.рф show as characters in the address bar. (Non of them resolves, and
in all cases, a "Network Error" page shows punycode.) For details,
please see
http://www.mozilla.org/projects/security/tld-idn-policy-list.html. This
may lead to pressure on the registries to create (or publish) and update
their registry policies.
Regards, Martin.
-- #-# Martin J. Dürst, Professor, Aoyama Gakuin University #-# http://www.sw.it.aoyama.ac.jp mailto:duerst@it.aoyama.ac.jp
This archive was generated by hypermail 2.1.5 : Tue Nov 30 2010 - 00:38:58 CST