[idn] Which names are valid? (was How should labels be encoded?)
[I'll discuss the relevance of email address internationalization
to this working group in another reply.]

"Adam M. Costello" wrote:
> David Hopwood wrote:
> > This does make clear, however, that it is not correct for a general
> > purpose resolver interface to reject non-LDH ASCII characters;
> > instead, it should pass through such characters (if no non-LDH
> > characters are used in that domain, the query will simply fail).
>
> You seem to be confusing queries and responses, or domain names and
> resource records. Currently, all domain names (which are the things
> that appear in queries) are advised to use the preferred name syntax
> (LDH characters in labels). The resource records (the things that
> appear in responses, like SOA and SRV data) already contain non-LDH
> characters, and of course they are not rejected for that.

I think you're missing the point, possibly from not having read RFC 2782.
In a query for SRV records, a non-LDH character ('_') is used in the
query string (QNAME), not just the response. The same may apply to a
query with QTYPE=MAILB (RFC 1035 section 8), and possibly others
(although I don't think MAILB is commonly used?)

More generally, nothing in RFCs 1034, 1035 or 2181 prohibited use of
non-LDH names in queries or in registered names; that was simply a
strong recommendation. So, prohibiting them now (as the current IDNA
draft does [*], for example) would be a backward-incompatible change.

[*] From section 3 of draft-ietf-idn-idna-03.txt:
# If names that are not legal in [NAMEPREP] are passed to an
# application, it will result in an error being passed to the
# application with no error being reported to the name server.
# Further, no application will ever ask for a name that is not
# legal in [NAMEPREP] because requests always go through [NAMEPREP]
# before getting to the DNS.

Since the names used in SRV queries would result in an error from
nameprep, it's clear that either the protocol labels in a SRV query
(and other similar cases) must not go through nameprep, or nameprep
must be changed so that it does not prohibit non-LDH ASCII
characters, or both.

> Some resource
> records contain domain names (like CNAME and PTR) but some contain
> other things. The mailbox field of the SOA record, even though it is
> formatted as a sequence of labels, is not a domain name and is not
> expected to conform to the preferred name syntax (although after you
> chop off the first label, the result is a domain name and is expected to
> conform). I gather that the same is true of the SRV record.

What do you propose to call the query string used for a SRV lookup
(e.g. "_ldap._tcp.example.com"), if not a domain name? It is certainly
a domain name as defined and used in RFCs 1034, 1035 and 2181 (although
not a host name).

However, as I said, this does not cause any problem provided that
resolver interfaces don't reject non-LDH US-ASCII octets in queries.

--
David Hopwood <david.hopwood@zetnet.co.uk>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
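
The distinction argued in the message above, as an added example that is not part of the original post or of any resolver's code: a query-name check that enforces only the RFC 1035 structural limits (labels of 1 to 63 octets, at most 255 octets on the wire) and reports the LDH host name syntax separately, so a name such as "_ldap._tcp.example.com" is passed through and not rejected. The function names and the sample inputs are assumptions made for illustration, and backslash escapes in presentation format are not handled.

```python
import re

# One LDH label: letters, digits, hyphen; no leading or trailing hyphen.
LDH_LABEL = re.compile(rb"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")


def split_labels(name: str) -> list:
    """Split an ASCII presentation-format name into labels (no escape handling)."""
    raw = name.encode("ascii")  # UnicodeEncodeError (a ValueError) on non-ASCII
    if raw.endswith(b"."):      # tolerate one trailing root dot
        raw = raw[:-1]
    return raw.split(b".") if raw else []


def encode_qname(name: str) -> bytes:
    """Encode a name as an RFC 1035 QNAME, enforcing only structural limits."""
    wire = b""
    for label in split_labels(name):
        if not 1 <= len(label) <= 63:
            raise ValueError("label must be 1..63 octets: %r" % label)
        wire += bytes([len(label)]) + label
    wire += b"\x00"  # root label terminates the name
    if len(wire) > 255:
        raise ValueError("name exceeds 255 octets on the wire")
    return wire


def classify(name: str) -> str:
    """Return 'hostname', 'domain-name-only' or 'invalid' for a query name."""
    try:
        encode_qname(name)
    except ValueError:
        return "invalid"
    labels = split_labels(name)
    if labels and all(LDH_LABEL.fullmatch(label) for label in labels):
        return "hostname"          # also satisfies the preferred (LDH) syntax
    return "domain-name-only"      # legal in a query, but not a host name


if __name__ == "__main__":
    # Constructed samples; the SRV name is the one quoted in the message.
    for sample in ("www.example.com", "_ldap._tcp.example.com",
                   "a..b", "x" * 64 + ".com"):
        print(sample[:30], "->", classify(sample))
```

A caller that needs a host name (for example before using the name in a certificate or URL check) can require the "hostname" result, while a general-purpose query path accepts both valid classes.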