
Re: [idn] Re: Optional & Additional Character Equivalence Preparations by Zone




> Multilingual names that have character equivalency issues will have to
> opt-out of DNSSEC.

That sounds like a non-starter.
We need to figure out how to provide better Internationalization of
IETF protocols and we need to make the Internet more secure.
Forcing users to choose between either IDN or secure doesn't accomplish
this.


> Erik, honestly, I don't have the exact "best" solution yet.  My point is that
> there are "possibilities" and we should not rule the entire thing out just
> because it might be a bit difficult.

I think we've talked about this on the list for two years. Lots of folks
have said "I have an idea" and further exploration on the list or in I-Ds
has determined that when taking the details into account the idea
doesn't fit with the constraints imposed by the DNS and the applications.

So the problem isn't that it is a bit difficult, but that it can't be made
to work given the constraints.
That doesn't make the problem less important - but it means that it doesn't
fit into the DNS. Hence the work on layer 2 where more context can be
taken into account when searching for names.

>  I really want to stop talking about
> this subject on this list, but it seems to me very irresponsible, especially
> considering that I am an implementor of this technology that I would have to
> tell my customers that:
> A.example  is NOT the same as A.example
> How can I do that?  Any normal person in this world would not accept this,
> yet I am creating a system that forces them to accept that.  I could step
> back and say, "oh well, buyers beware", but it just doesn't seem right.  Do
> you think it is right?

Isn't much different than MICROSOFT.COM and MICR0S0FT.COM (digit 0 vs. O).

But I think the problem is important. 
But I've come to the conclusion that solving the problem either requires
 - replacing the DNS with something else that can do approximate matching, or
 - building a system on top of the DNS.

I think the vast majority, no matter how important they think the problem is,
don't want to take the risk to the current operational Internet of
a whole-sale replacement of the DNS.
Leaves the layered approach as the only reasonable choice.

  Erik