Re: [idn] W.G. Last Call on "Requirements of Internationalized Domain Names"
On Feb 13, 9:47am, Marc Blanchet wrote:
> This is an idn working group last call for comments on advancing the
> following document as an Informational RFC:
>
> Title : Requirements of Internationalized Domain Names
> Author(s) : Editors Zita Wenzel, James Seng
> Filename :
> http://www.ietf.org/internet-drafts/draft-ietf-idn-requirements-04.txt
>
> Please send substantive comments to the idn mailing list, and minor
> editorial comments to the authors. This last call period will end two
> weeks from today on February 28th, 2001.
I see a problem with the following section:
>[2.6] The protocol MUST work for all features of DNS, IPv4, and
>IPv6. The protocol MUST NOT allow an IDN to be returned to a requestor
>that requests the IP-to-(old)-domain-name mapping service.
It's _way_ too limited. It isn't just applications requesting
hostnames from IP addresses that'll get broken if they get back a
name containing characters that they don't expect (namely anything not
allowed in RFC1123). It's an application asking for _any_ type of DNS
record containing a hostname. I suggest considering the problems on
UNIX, for instance, of a script that calls another program with a
domain name that it got back from an MX request. What happens if that
domain name has shell-active characters (redirection, etcetera)?
Potential problems, up to and including security holes.
Suggested rephrase:
[2.6] The protocol MUST work for all features of DNS, IPv4, and
IPv6. The protocol MUST NOT allow an IDN violating [RFC1034] and
[RFC1123] to be returned to a requestor that does not request
IDNs. This provision MUST be enforced by either nameservers or
resolvers and SHOULD be enforced by both.
-Allen
--
Allen Smith easmith@beatrice.rutgers.edu
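
Added example, not part of the original message: one way a UNIX script could guard against the problem described above, by checking a name taken from a DNS answer against RFC 1123 hostname syntax before handing it to another program. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: accept only RFC 1123 hostnames from resolver output.

# Succeeds only if $1 is letters, digits, hyphens and dots, with labels of
# 1-63 octets that do not start or end with a hyphen, 253 octets in total.
# The body runs in a subshell so IFS and locale changes do not leak.
is_rfc1123_hostname() (
    LC_ALL=C                         # byte-wise ranges, no locale surprises
    name=${1%.}                      # tolerate one trailing root dot
    [ -n "$name" ] || return 1
    [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!A-Za-z0-9.-]*) return 1 ;;   # metacharacters, spaces, 8-bit octets
        .*|*.|*..*)       return 1 ;;   # empty label
    esac
    IFS=.
    set -f
    set -- $name                     # split into labels
    for label in "$@"; do
        [ "${#label}" -le 63 ] || return 1
        case $label in
            -*|*-) return 1 ;;
        esac
    done
    return 0
)

# Reads one candidate name per line on stdin (e.g. the exchanger field of an
# MX answer); prints accepted names on stdout. Rejected names are reported on
# stderr without echoing the untrusted bytes.
filter_hostnames() {
    while IFS= read -r candidate; do
        if is_rfc1123_hostname "$candidate"; then
            printf '%s\n' "$candidate"
        else
            printf 'rejected: not an RFC 1123 hostname\n' >&2
        fi
    done
}

# Constructed sample input, not real DNS data.
sample='mx1.example.net
mx2.example.net.
mail.example.net>out
bücher.example
-bad.example.net'

accepted=$(printf '%s\n' "$sample" | filter_hostnames 2>/dev/null)
printf 'accepted:\n%s\n' "$accepted"
```

Names that pass should still be handed on as a single quoted argument ("$name"), never through eval or an unquoted expansion.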