
Re: [idn] Document Status?



On Sun, Sep 08, 2002 at 01:06:55AM +0000, Adam M. Costello wrote:
> 
> > If the relevant zone accepts dynamic updates that can add labels to
> > the zone, we need to be absolutely sure that there are appropriate and
> > unambiguous reply states for "that label isn't acceptable for this
> > zone even though it meets all of the syntax rules".
> 
> This is not an IDN issue; per-zone acceptable-name policies and dynamic
> updates both existed before IDN.  If anything, this is an issue for the
> dynamic DNS update spec, not the IDN spec.

I think the issue is not only for the Dynamic DNS spec, but also for all the
other thousands of RFCs which use hostnames in their protocols. Since the IDN
spec contains a hostname extension spec, that affects all RFCs. Sweeping.

From conservative security viewpoints, ACE-encoded IDNs are different
from LDH ones in that they have amplified ambiguity/security problems
behind the merits of backward compatibility in networking. I cannot
accept even comparing IDN ambiguity problems with '1' and 'l' problems.
ASCII-tunneling accompanies unwarranted/improper trust by all parties.

Going further, I think per-zone IDN registration policy is not enough;
it is just about how to control the "source" of the problem.
Receiving applications cannot detect IDNs from a loosely controlled zone
whose policies and management the receiving sides may not accept or not
be satisfied with if they happen to know of them, even though those controls
are correct and acceptable on the source side. Old receiving applications
can't do anything to ban "alien" improper IDNs.

In short, IDN should be controlled, but it can't be because it is ASCII
tunneled. It seems sweeping on all RFC specs, as you partly suggest.