While more was made out of the domains in non-Latin characters announcement, there is actually another item which wasn't covered nearly as much as it should have been. Basically, it's the fact that DNSSEC is going to be deployed in January. In short, 'DNS' is the system that translates domain.com in to a numerical address on the internet where the server for that alphanumeric domain name resides. The 'SEC' part of it is a secure extension being added on in order to digitally sign these names and provide a level of security to know that the names we type in are indeed being pointed correctly.
This is something we've needed for some time. Much like email, DNS was built with little security in mind as the initial systems were created for a small, clustered group of people to use in government and education institutions. Once the sweaty masses got our hands on these systems, spam, phishing, and any number of other nefarious elements came about.
It's just unfortunate in how this system is being both implemented and released. For starters, it is being released in January, before the release of the non-Latin character domains. So, what happens if this system blows up? The extended character domain release is obviously going to be delayed. Is it going to blow up? Probably to a certain degree. The obstacles to making it work well are all possible to overcome, but it's going to be an immense strain on our DNS network for the following reasons:
- Additional communication between servers to authenticate and distribute the keys
- Additional data needed to be stored in the root servers for the millions of domains in existence
- Additional bandwidth needed for lookups.
Rebecca Wanjiku picked up on this last element in an article she published recently. It's a definite concern. Just like how all this cloud business is going to create new barriers for participation in low bandwidth areas of Africa, so too will DNSSEC. A basic zone file is a minimum of 512 bytes or half a kilobyte. I have yet to find any hard data on the size of the digital keys, but it's going to increase the size of these lookups a great deal. Let's just say that they're using a 128 alphanumeric key. That requires an extra kilobyte of transport space thus making a secured, DNSSEC request 1.5kb. For those on broadband, this is nothing. For those on anything less, this is crippling as it needs to be made for every new domain request. If you're on the equivalent of a dialup connection running at 56kbs, you get 7kb of bandwidth, meaning that DNS requests are going to hog up 21% of your available bandwidth! In addition to this, there are two more pings to the DNS server in order for the authentication process to function which means if you have a connection with high latency, you're also going to be hurting.
I have to admit that it's been awhile since I've done straight IT work and had to deal with the math involved in making DNS and all that work, so if anyone has any hard data and wants to gently (or forcefully) correct me on what I'm guestimating, please do. I would very much love to be shown the light, especially if it drives the numbers quite far one way or the other from what I've tallied up.
Now, while some security on the internet has to happen at some point, why does it have to happen now? Why can't it wait another two years for more broadband deployment to make this so, so much less of an issue? I'm going to put on my conspiracy hat for a minute (yes, it's made of tinfoil.) There's something interesting that people haven't linked up just yet. Windows 7 has just been released. That's not really news at this point, but what is news is the fact that Windows 7 has been built to take advantage of DNSSEC out of the box. This is being celebrated as something great and it most definitely is as Windows has been a notoriously insecure operating system for a long time.
But here's the thing. A lot of people will undoubtedly upgrade to Windows 7 through the end of this year as they buy new computers. Again, not a big deal as this is a pretty regular thing. But it just happens that DNSSEC is going to be thoroughly deployed on the 20 root nameservers around the world in January. In January, Apple has its MacExpo to show off new products. As far as I've read, DNSSEC is not a core part of OS X or OS X Server and as time goes on, this secure DNS is going to become quite important in securing the internet. Wouldn't it take a great deal of wind out Apple's "I'm a Mac and I'm a PC" campaign if suddenly Windows had the edge in security? Yes, yes it would.
So, am I saying that it's possible for Microsoft to have "pushed" some folks at ICANN to release DNSSEC at this specific time to bring back in to the fold, those who have strayed from the Microsoft flock? Yes, yes I am, because honestly, I have a very hard time trusting ICANN as despite the US relaxing it's oversight lately, it still is a US institution with not nearly the amount of transparency needed for a group that controls access to the sum of our digital knowledge.
It wouldn't be surprising for Microsoft to put marketing ahead of its potential users in low bandwidth regions like Sub-Saharan Africa, which is why Google is going to thrash them as the internet is more and more available. But the one singular thing that could make all of this a great deal better would be to offer the option not to use DNSSEC and just use standard DNS. Something along the lines of an option button in the Security Center next to, "Thanks, I'll monitor my DNS queries myself." Or better yet, have a system that is able to detect your bandwidth and adjust things such as this accordingly. And there you go, what could be a potential barrier to countless millions, sidestepped for the time being until bandwidth is more available.
One of the big chunks of news to come out of the ICANN meeting in Seoul, Korea was a final timeline and implementation guideline to have internet domains in non-Latin characters. Honestly, I wasn't even going to write about it as I am much more interested in seeing how the implementation comes about and how it shakes down. But, in poking around for news about it, I came across this Pros & Cons article. I am nearly amused by the con comments as I'd really like to know if the people making them are a) English speakers and b) monolingual. They're just not well thought-out and such incredible straw man arguments that I would laugh if it wasn't the case that comments like these could derail the whole process of creating a proper multilingual internet.
Expanding beyond Roman characters also increases potential for site rip-offs that use homoglyphs, characters with identical or indistinguishable shapes.
Pfft. Then we should just shut down the internet and resolutely solve the problem. I mean, people die in car accidents every year. Should we not create new cars because people could die in the new cars when they're currently dying just fine in the old cars? This reasoning is not logical and sounds like a veiled attempt to excuse laziness in making this switch because hey, it works now, so why change?
Adding support for 100,000 international characters would make traditional keyboards insufficient input devices for accessing the entire Internet. As fellow PC World writer Jacqueline Emigh pointed out, it would be next to impossible to produce a keyboard that could support characters from every language under the sun.
Really? Are you serious? Depending on what I'm working on, I typically have up to four keyboards installed on my machine: English ISO, Spanish ISO (which also has the French characters), Croatian, and Cyrillic. I can probably type at least 1,000 different characters by easily swapping the active keyboard. I'm using Windows XP, which is old. Windows Vista and Mac OS X are even better in this department. We've had this "amazing" technology around for over a decade. It's easy to switch and it works fine. And really, if I need to go to a domain that has French characters in it, wouldn't I be probably be using a keyboard that supported the French characters already? Also, the English QWERTY keyboard was designed to have you type slower, so isn't it about time to update it anyway?
I realize that people are shuddering to think that this could establish "language silos" on the internet. Only an English speaker would think this because currently, imagine how it is for a Russian typing with a Cyrillic keyboard to have to switch all the time to Latin characters just to enter a domain? The silos will develop no matter when and if they're going to develop. I think that due to all the language work that's going on these days, we are actually entering an age of far better cross-communication than ever before.
All of this doesn't effect Sub-Saharan Africa as much as other countries due to the fact that African languages (with the exception of Amharic) were alphabetized using Latin-based alphabets. But the one thing that would be great out of this is that a language such as Lingala, which was created with accented characters, doesn't get "Anglicized" as often when written on the internet and the characters actually stick around.
If you don't currently have it, I recommend for anyone out there to switch to the US International Keyboard if an English speaker. It doesn't ship as default with operating systems for some insane reason, but it offers up a huge swath of other characters to access just by using one additional key.
