Warren New's Washington Internet Daily is reporting on the recent ITU-T Study Group 17 meeting activities that related to IDN and countering spam:
Facilitating internationalized domain names and new measures to counter spam via technical means are part of an ITU push to meet member states' demands for more security standardization.
Last Oct.'s World Telecom Standardization Assembly in Brazil added 2 work items to the agenda of the group, called ITU-T SG-17: The first is to study IDNs, which raise a major security issue because "some national characters can make a user think he is going to one place, but really going to another place," said Herbert Bertine of Lucent, chmn. of SG-17: "We are looking to make sure that when you use internationalized domain names, the possibility that users can be confused, misdirected," will be reduced.
"The belief is that IDN implementation will contribute to easier and greater use of the Internet in those countries where the native or official languages are not yet represented in ASCII characters," documents said. Andrzej Bartosiewicz, head of the DNS Div. at Poland's NASK has been named the group's reporting member on IDNs. The SG will assess ITU members' needs in light of existing standards, he said.
SG-17 has seen "an enormous increase [of work] in the area of security," said Bertine. SG-17 published 5 security recommendations in the last 4-year study period, which ended late in 2004. Bertine said the SG may produce 15-20 during the next period, but said much of the work is in its infancy.
Countering spam by technical means is a new security area for SG-17. Spam has policy, regulatory, legal and technical aspects, but the SG will address the technical side of spam fighting. "A lot of work has been done by IETF," said Bertine. "There's a lot of [standards] material out there. We don't want to duplicate work. We want to leverage and reference" what's other standards bodies have done and fill gaps, said Bertine, "but we have a lot of countries -- particularly developing countries -- who are really looking for the ITU to provide this information."
How spammers do what they do is under consideration; but more important is that spam is not only unwanted e- mail but now a vehicle for viruses and other malware, said Bertine.
SG 17 is working with the ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission) on new to be designated as the 27,000 series and dealing with information security management systems, officials said. Bertine thinks the new series will result in companies finding that "it's in their best interest to be certified, whether it means better insurance rates, less liability because you can claim conformance... plus the most fundamental, if you've got vulnerabilities, you sure want to catch them because it's going to cost you a pile of money if somebody discovers a major weakness."
"The field of information technology and the field of communications continue to overlap and merge more and more every year. That's why collaboration is so important," said Bertine.
At this meeting it was also decide to adopt OASIS' Security Assertion Markup Language (SAML) and Extensible Access Control Markup Language (XACML) into ITU-T standards.
A list of documents from the last meeting of SG-17 is available here.