Overview#
Internationalized Resource Identifiers (
IRI) was defined by the
Internet Engineering Task Force (
IETF) in
2005 as a new internet standard to extend upon the existing
Uniform Resource Identifier (
URI) scheme.
The new standard was published in RFC 3987.
While Uniform Resource Identifiers are limited to a subset of the ASCII character set, Uniform Resource Identifiers may contain characters from the Universal Coded Character Set (Unicode/ISO 10646), including Chinese or Japanese kanji, Korean, Cyrillic characters, and so forth.
Mixing Internationalized Resource Identifierss and
ASCII ] can make it much easier to do
phishing attacks that trick someone into believing they are on a site they really are not on. For
example, one can replace the "a" in www.ebay.com or www.paypal.com with an internationalized look-alike "a" character such as <α>, and point that
IRI to a
malicious site. This is known as an
IDN homograph attack.
There might be more information for this subject on one of the following: