UA Compliance @ICANN
Ashwin Rangan | Helsinki | ICANN56
UA Compliance @ICANN - Agenda
1
Quick Review:
Definitions and
UASG Criteria
2
Becoming
Compliant:
Our Project
Approach
3
Modifying a
Custom Application
4
5
6
Changes for
Packaged
Application
Contracts
UA Compliance
Status at ICANN
Web-resources for
More Information
| 2
Quick Review – Overall Definition
1
UniversalAcceptance(UA)isthestatewhereallvaliddomainnamesandemail
addressesareaccepted,validated,stored,processedanddisplayedcorrectly
andconsistentlybyallInternet-enabledapplications,devicesandsystems.
What Must be Handled
o
TLDs and SLDs can be up to 63 characters long each
o
Entire domain definition can be up to 253 characters long
TLDs and SLDs can be internationalized (www.sunshine.florist)
o
§
§
o
TLD: (florist or 花屋)
SLD: (sunshine or 日光
)
Email username in ASCII, domain internationalized
URL
www.sunshine.florist
www.sunshine. 花屋
www. 日光.florist
www. 日光. 花屋
Email
[email protected]
joe@sunshine. 花屋
joe@ 日光.florist
joe@ 日光. 花屋
| 3
Quick Review – 5 Criteria (from UASG)
1
For All Domain Names:
1.
Accept
o From user interface
o From another application (API)
o From a file
2.
Validate
o Understand syntax and character set
o List of valid gTLDs is dynamic
o Length of Domain and individual TLD, SLD
3.
Store
o Length, direction, character sets
| 4
Quick Review – 5 Criteria (from UASG)
1
For All Domain Names:
4.
Process
o Length and direction
o Character sets & encoding
o Special character requirements (Ñ)
o Auto-generated links
o Search
5.
Display
o Display in proper character set
| 5
Becoming Compliant – Our Project Approach
o
2
Make Universal Acceptance a Project to get started!
• Define Project Charter
• Define Roles & Responsibilities
• Schedule Meetings (Kickoff, updates)
| 6
Becoming Compliant – Our Project Approach
o
o
o
o
2
Project 1:
• Select one application per environment (Java, PHP, …)
• Make it UA Compliant
• Lessons learned, tools used, validate estimates
Project 2:
• The rest
• Create prioritized list – NOT by environment
• Work through the list, update estimates as learn more
Other:
• Add UA Compliance to scheduled enhancement efforts
And: update open-source libraries with code snippets you have found
and/or created to deal with UA issues
| 7
Modifying an Application – 3 Step Tango
3
Steps to making an application UA Compliant:
1.
Find
2.
Fix
3.
Test
1.
Find all uses of domain names
o Websites and links
o Emails
o Not just user interface
o Domain forwarding/redirect
Use a linkchecker on your website (some report all links, not just broken)
Does your login use an email as the user name?
Do your environment libraries handle Unicode?
| 8
Modifying an Application
2.
3
Fix
Use UASG’s 5 Criteria:
o
o
o
Accept
• Handle up to 63 characters each for TLD and SLD
• Recognize ASCII, Unicode, and Punycode
Validate
• First choice: don’t
• Otherwise
• Download latest list often (www.iana.org/domains/root/db)
• Validate using Unicode or Punycode
• Get direction right!
Store
• Check element size (overflow is a security risk!)
• Save in Unicode, convert to Punycode for DNS/other sites
| 9
Modifying an Application
o
Process
• “abc” in ASCII = “abc” in Unicode; “florist” not match “ 花屋
“
• Check all uses for length of domain name
• Check all uses for ASCII and Unicode combinations
• Special character requirements (ÑcanalsobeN~)
• Auto-generated links work
• Searches match properly
• Spam blockers may block sites they don’t recognize
• Watch for mix of character sets (new type of phishing!)
o
Display
• Convert between characters sets to appropriately display characters
3
| 10
Modifying an Application – Java Example
o
o
3
Code/Environment changes
• Identify environment changes for Unicode compatibility
• Check all function calls to libraries
Code Example:
| 11
Modifying an Application
3.
3
Test
o
Code test tools (Zensar Code Tester)
• Enter code snippet that uses domain or email
• Tool runs, validates, and offers fixes
• (sample screen on next slide)
o
Test emails:
• UASG has created test emails, including:
• [email protected]
• [email protected]
o
Test Websites
• ICANN working to create test websites to link to (ICANN 57)
| 12
Modifying an Application
3
URL url = new UR L(urlAsString);
url = IDNParser.parseUnicodeURLtoPunycode(url);
public static final URL parseUnicodeURLtoPunycode(URL url) throws MalformedURLException{
String host = url.getHost();
String protocol = url.getProtocol();
StringBuffer asciURL = new StringBuffer();
asciURL.append(IDN.toASCII(protocol));
asciURL.append(PROTOC OL_URL_STRING);
asciURL.append(IDN.toASCII(host));
url = new URL(asciURL.toString());
return url;
}
| 13
Packaged Products & Services - Treatment
o
Off-the-Shelf products
ASK|“IsUA
• Does product use domains/emails?
Complianceonyour
• If so, send vendor UA requirements
roadmap?”
• Ask for compliance response
• May not be straight yes/no
• If missing or incomplete: ask for roadmap assurances
o
Contractual Amendments
• Add amendment for UA Compliance
• While you’re adding to the contract:
• IPv6
• DNSSec
• Examples of all three at end of presentation
4
Contractual
amendments
| 14
UA Compliance Status at ICANN
5
Ongoing Task – Making Progress
All Business-Directed
Digital Services
Off-the-Shelf
21 Need contract update
18 N/A
1 UA Compliant
Custom Services
40 Off-the-Shelf
44 Custom In-House
29 Need to Test & Fix
7 N/A
8 UA Compliant!
| 15
Web-resources for More Information
o
6
ICANN UASG (https://community.icann.org/display/TUA/Documents)
•
Steering Group notes, fact sheets, guidelines, and a suffix list
o
ICANN.ORG (https://www.icann.org/resources/pages/universal-acceptance-2012-02-25-en)
• How to get involved and archives of public comments
o
Wikipedia (https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains)
• Top-level domain list: what’s up (.florist) and what isn’t yet (.travel)
o
Wikipedia (https://en.wikipedia.org/wiki/Internationalized_domain_name)
o
Good article on ASCII vs Unicode
UniversalAcceptance.link (http://www.universalacceptance.link/)
o
Links to explanations, test services, toolkits, and lists of the new gTLDs
Internationalization (https://www.w3.org/International/)
•
•
•
o
Group dedicated to web internationalization
CIO’s Guide to becoming UA Compliant
• Look for this from ICANN
| 16
Questions?
Appendix – Additional slides
•
•
•
Terms and Definitions – More
When to Act
Code example – Java
•
•
•
2slides
Code example – Perl
Contractual Ts and Cs – UA, IPv6, DNSSEC
Terms & Definitions – General Terms
Domain Name
TLD: Top level domain (www.sunshine.florist, www.parks.us)
SLD: Second level domain (www.sunshine.florist, www.parks.us)
Domain Character Sets
ASCII:
A-Z, 0-9, “-”
Unicode: Any language, from Ͽ toЃ toötoΩ
Punycode:
ASCII encoding of Unicode
Email Components
Username:
Before the “@” ([email protected])
Domain:
TLD:
Second level domain ([email protected])
Top level domain ([email protected])
| 19
Universal Acceptance – When to Act
If your web application or website does any of the following, you should test and
update for Universal Acceptance:
Website addresses
•
•
•
•
•
Accept / store / display
Auto-link / Generate link
Validate
Form entry / transfer
File transfer using website address
Email addresses
•
•
•
•
Use email as login name
Accept / store / display
Validate
Send / Receive
| 20
UA Compliance – Modifying an Application
o
Code Example:
| 21
UA Compliance – Modifying an Application
o
Code Example:
| 22
UA Compliance – Modifying an Application
o
Code Example:
| 23
Example Contract Paragraphs
IPV6SPECIFICATIONCOMPLIANCE: TotheextenttheServicesand/orDeliverablesincludedevelopmentorprovisionofsoftwareand/or
devicesthatsupportnetworkorInternetconnectivityofanykind,ContractorwarrantsandrepresentsthatallsuchServicesand
DeliverableswillbefullycompliantwiththeInternetEngineeringTaskForce(IETF) InternetProtocol,Version6Specification, sometimes
referred toastheIPv6Specification;and,inaddition,willbefullybackward-compatiblewiththe InternetEngineeringTaskForce
(IETF) InternetProtocol,Version4Specification,sometimesreferredtoastheIPv4Specification,includingwithoutlimitation havingthe
capabilities:(a)to createorreceive,process,andsendorforward(as appropriate) IPv6packetsinmixedIPv4/IPv6environments,and(b)
tointeroperatewithotheriPv6compliant software,devicesandwebsiteson networkssupportingonlyIPv4,only IPv6,andbothIPv4and
IPv6. TheexpectationisthatanynetworkedapplicationorservicedevelopedforICANNwouldoperateirrespectiveofwhethersuch
serviceswereaccessed usingIPv4orIPv6.
UNIVERSALACCEPTANCE OFTLDsCOMPLIANCE (UniversalAcceptance(UA) isthestatewhereallvaliddomainnamesandemail
addresses areaccepted,validated,stored,processedanddisplayedcorrectlyandconsistentlybyallInternet-enabledapplications,devices
andsystems.): TotheextenttheServicesand/orDeliverablesincludedevelopmentorprovisionofsoftwareand/ordevicesthat support
networkorInternetconnectivityofanykind,ContractorwarrantsandrepresentsthatallsuchServicesandDeliverableswillbefully
compliantwiththefollowingprovision:InwhatevermanneraService/Deliverablehandlesadomainname,theService/Deliverable shall
dosoconsistentlyforallstandardscompliantnamesinalltop-leveldomainslistedinIANA’sRootZoneDatabase(accessiblevia
https://www.iana.org/domains/root/db)atthetimeofdeliveryand guarantees consistencyforthreeyears.
DNSSECCOMPLIANCE: TotheextenttheServicesand/orDeliverablesincludedevelopment,provision,and/oruseofthedomainnames,
ContractorwarrantsandrepresentsthatallsuchServicesandDeliverableswillbefullycompliantwiththefollowingprovisions:
a) TheService/DeliverableisconsistentwiththedefinitionscontainedinthefollowinglistofRFCsandapplicableerrata,astheRFCs
applytotheService/Deliverable.Thetitlesgivenherearerepresentative,notthefullnametoimprovereadabilityofthelist.
b) ForServices/DeliverablesmakinguseofdataobtainedviaDNSresponses,DNSSECvalidationmustbeactive,usetheIANADNSRoot
KeySigningKeyset(availableathttps://www.iana.org/dnssec/files)asatrustanchor,andsupporttheupdatingoftheKeySigning
KeyviaRFC5011(andanyrevisions)
c) Services/DeliverablespublishingzonedatamustDNSSEC-signthezonedataanddescribethesigningprocedureinadocumentas
describedinRFC6841,AFrameworkforDNSSECPoliciesandDNSSECPracticeStatements.
| 24