
Re: Just send UTF-8 with nameprep (was: RE: [idn] Reality Check)



--On 01-07-24 08.57 +0200 Dan Oscarsson <Dan.Oscarsson@trab.se> wrote:

> It would be interesting if somebody has some real data to show
> if it really is that CPU heavy.

We have problems today with DNS as it is without DNSSEC, A6, DNAME, etc etc
and as I said before, I really want changes to the way DNS works today to
be handled in the DNSOP and DNSEXT wg's and not this.

Regarding only doing nameprep in the authoritative servers, that is
definitely not enough. That means that you might get a query after owner A,
which nameprepped is B, and because of this, one sends a query for owner A,
but gets B as a response.

I really want DNS servers to reject those kinds of responses (where the
owner in the response doesn't match the owner in the query), and I hope
they do check this today, or we would have cache poisoning all over the
place.

I.e. doing nameprep only in authoritative servers is firstly a security
issue and secondly a performance issue.

But, most importantly, I don't find this group being the one which can even
think about DNS complexity.

  paf
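
The owner-match check described in the message above, as an added example that is not part of the original post. It assumes raw UTF-8 labels on the wire, uncompressed single-question messages, and a resolver that folds ASCII case only; the function names and the sample name are constructed for illustration, and `nameprep` is the RFC 3491 implementation from Python's standard library.

```python
import struct
from encodings.idna import nameprep  # RFC 3491 profile from the standard library

SAMPLE_NAME = "R\u00c4KSM\u00d6RG\u00c5S.example"  # constructed query owner (non-ASCII upper case)

def encode_name(name: str) -> bytes:
    """Wire-format name carrying raw UTF-8 labels (assumption of this sketch)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("utf-8")
        if not 0 < len(raw) < 64:
            raise ValueError("label length out of range")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_message(msg_id: int, name: str, qtype: int = 1, response: bool = False) -> bytes:
    """Header plus one question; answer sections are omitted to keep the sketch short."""
    flags = 0x8000 if response else 0x0100  # QR bit for responses, RD for queries
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_question(msg: bytes):
    """Return (id, labels, qtype, qclass) for an uncompressed single-question message."""
    msg_id, _flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("compression pointers are not handled here")
        labels.append(msg[pos + 1 : pos + 1 + length])
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", msg[pos + 1 : pos + 5])
    return msg_id, labels, qtype, qclass

def response_matches_query(query: bytes, response: bytes) -> bool:
    """Accept only if ID, type, class and owner agree; bytes.lower() folds ASCII only."""
    q_id, q_labels, q_type, q_class = parse_question(query)
    r_id, r_labels, r_type, r_class = parse_question(response)
    same_owner = [l.lower() for l in q_labels] == [l.lower() for l in r_labels]
    return (q_id, q_type, q_class) == (r_id, r_type, r_class) and same_owner

def authoritative_reply(query: bytes, apply_nameprep: bool) -> bytes:
    """Hypothetical server: echoes the question, optionally with a nameprepped owner."""
    msg_id, labels, qtype, _ = parse_question(query)
    decoded = [l.decode("utf-8") for l in labels]
    if apply_nameprep:
        decoded = [nameprep(l) for l in decoded]
    return build_message(msg_id, ".".join(decoded), qtype, response=True)
```

With `SAMPLE_NAME` as the query owner, the reply from a server that nameprepped the owner fails `response_matches_query`, while an all-ASCII owner still passes because nameprep's case folding coincides with the resolver's ASCII folding there.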