Internationalized Resource Identifiers


Internationalized Resource Identifiers (IRI) was defined by the Internet Engineering Task Force (IETF) in 2005 as a new internet standard to extend upon the existing Uniform Resource Identifier (URI) scheme.

The new standard was published in RFC 3987.

While Uniform Resource Identifiers are limited to a subset of the ASCII character set, Uniform Resource Identifiers may contain characters from the Universal Coded Character Set (Unicode/ISO 10646), including Chinese or Japanese kanji, Korean, Cyrillic characters, and so forth.

Internationalized Resource Identifiers and Security Considerations#

Mixing Internationalized Resource Identifierss and ASCII ] can make it much easier to do phishing attacks that trick someone into believing they are on a site they really are not on. For example, one can replace the "a" in www.ebay.com or www.paypal.com with an internationalized look-alike "a" character such as <α>, and point that IRI to a malicious site. This is known as an IDN homograph attack.

More Information#

There might be more information for this subject on one of the following: