Re: [idn] Reality Check



Dan Oscarsson <Dan.Oscarsson@trab.se> wrote:

> IDNA says that over the DNS protocol nameprepped ACE must be used.
> Because of this, DNS can only return names in lower case.

IDNA says that it is possible to use today's DNS, with no changes, for
IDNs, and the way to do that is via nameprep'd ACE.  IDNA does not
forbid DNS extensions.

As Brian has already pointed out, nameprep'd ACE can easily retain
mixed-case information.  So it's still not necessary to change DNS.

If you don't like that solution, you could instead add some new resource
records, like ICNAME and IPTR, which would be just like CNAME and
PTR except that they would contain non-nameprep'd UTF-8 instead of
nameprep'd ACE.  DNS servers could return them along with the legacy
records.  One problem would be that for some names, the ACE will fit in
63 bytes but the UTF-8 will not.

Alternatively, you could alter the DNS protocol itself so that the
request can contain a flag inviting the server to put non-nameprep'd
UTF-8 directly into CNAME and PTR responses.  The length problem would
still exist unless the DNS protocol extension also increased the length
limit.

I recommend the first solution (mixed-case ACE), because it doesn't
have the length problem and appears to be the simplest (given that ACE
already needs to be supported).

> So, while you can enter mixed case, the moment a name is sent or
> received over the DNS protocol it is converted into lower case and the
> mixed case information is lost.

Even if that were true (which it's not in light of mixed-case ACE),
keep in mind that names received from DNS are very rarely displayed to
users (except sysadmins).  CNAME records are usually just looked up
again for their address, and PTR records are usually used internally for
permissions checks, or written to log files or similarly unseen places
(like Received: headers).

AMC
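
The length problem described in the message above, as an added example that is not part of the original post. It assumes Punycode with the `xn--` prefix (the ACE that IDNA later standardised) stands in for "nameprep'd ACE"; the function name `wire_forms` and the sample labels are constructed for illustration.

```python
from encodings.idna import nameprep  # Python stdlib Nameprep profile

MAX_LABEL = 63        # DNS label length limit, in bytes
ACE_PREFIX = b"xn--"  # assumption: the prefix IDNA later standardised


def wire_forms(label: str) -> dict:
    """Encode one label both ways and report whether each fits in a DNS label."""
    prepped = nameprep(label)  # case-folds and normalises the label
    if prepped.isascii():
        ace = prepped.encode("ascii")  # pure ASCII labels need no ACE
    else:
        ace = ACE_PREFIX + prepped.encode("punycode")
    raw_utf8 = label.encode("utf-8")  # non-nameprep'd form, keeps original case
    return {
        "ace": ace,
        "utf8": raw_utf8,
        "ace_fits": len(ace) <= MAX_LABEL,
        "utf8_fits": len(raw_utf8) <= MAX_LABEL,
        "case_lost": prepped != label,  # nameprep changed the label
    }


if __name__ == "__main__":
    # Constructed sample labels: one mixed-case, one long CJK label.
    for sample in ("Bücher", "中" * 30):
        r = wire_forms(sample)
        print(
            f"{sample[:10]!r}: ACE {len(r['ace'])} bytes (fits={r['ace_fits']}), "
            f"UTF-8 {len(r['utf8'])} bytes (fits={r['utf8_fits']}), "
            f"case_lost={r['case_lost']}"
        )
```

A resolver or registry tool that validates only one of the two forms will accept or reject different names than one that validates the other, so length checks should be applied to the form that actually goes on the wire.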