[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [idn] IDN character repertoire, nameprep
- To: Johnny Eriksson <bygg@cafax.se>
- Subject: Re: [idn] IDN character repertoire, nameprep
- From: Mark Welter <mwelter@walid.com>
- Date: Tue, 20 Mar 2001 16:27:57 -0500
- CC: idn working group <idn@ops.ietf.org>
- Delivery-date: Tue, 20 Mar 2001 13:29:14 -0800
- Envelope-to: idn-data@psg.com
Johnny Eriksson wrote:
> "Adam M. Costello" <amc@cs.berkeley.edu> wrote:
>
> > It has occurred to me that nameprep is currently moving two distinct
> > tasks from the DNS servers to the applications, when perhaps only one of
> > those tasks should move. The two tasks are:
> >
> > 1) Finding equivalences, for example, ABC.com == abc.com.
> > 2) Prohibiting some names, like a+b.com.
> >
> > Currently, most applications do neither. For example, ping is happy
> > to send all three of those names, exactly as shown, to the DNS server.
> > The DNS server performs canonicalization on each lookup, and performs
> > prohibition when it loads the zone file.
> >
> > Both tasks become more expensive for IDNs. Since canonicalization must
> > be done on each query, it makes sense to move it to the application.
> > But since prohibition is done rarely, I think it should remain the
> > job of the DNS server. That way, if more characters are added to the
> > allowed set, it is not necessary to upgrade applications, but only to
> > upgrade the DNS servers, and it's only the servers for domains that
> > wish to register names containing the new characters that need to be
> > upgraded.
>
> In order to prohibit characters, the DNS server has to undo the ACE
> encoding. You have just started to modify DNS, something that many
> people try desperatly to avoid.
>
> > AMC
>
> --Johnny
I brought up the very point that Adam has been trying to make at the
49th meeting. There is no need to decode an ACE to prohibit characters,
or in fact arbitrary strings. You have to keep clearly in mind that the
"registration" process controls what can resolve. If you don't pour junk into
your zone files, then junk won't resolve. This is where the prohibition
belongs, in my opinion (and that's where WALID has been putting it).
The world (wide web) being what it is, you can count on a dns server
getting lots of truly bizarre requests that it can politely reject.
I'm behind, and haven't read Nameprep version 3, but version 2 made
the distinction between registration and resolution contexts.
Mark Welter