
Re: [Fwd: Request for Advice on VGRS IDN Announcement]



Hmmm.

> On Friday, VeriSign Global Registry Services announced a set of steps
> relating to the implementation of internationalized domain name
> capabilities, including changes in the behavior of the authoritative
> name servers for the com and net zones.  The announcement is at
> <http://www.merit.edu/mail.archives/nanog/msg06058.html>.

I can only tell 80% what they are doing here. But if it's what I think
it is, it's bad. Quoting from the VeriSign release:

> Starting
> on January 3, 2003, some queries to the com/net name servers that
> previously failed with a DNS Name Error (NXDOMAIN) response will
> instead return an address (A) record. Any queries for A records with
> at least one octet greater than decimal 127 in the second-level label
> will trigger this A record response.

This is broken, if it does this for things in .com and other
TLDs. I.e., instead of returning an error, their servers will return a
bogus A record that points to one of their servers.  The client will
then contact the VeriSign server instead of the actual intended
destination.

> The A record that will be returned by VGRS points to a farm of web
> servers that will attempt to resolve the query. The browser that sent
> the original DNS query will connect to one of these web servers and
> its HTTP request will contain a Host header with the representation
> of the IDN originally entered by the user in the address bar. The web
> servers will attempt to interpret the contents of the Host header. If
> the Host header corresponds to an IDN registered in VeriSign's IDN
> Test Bed, the web server will return a page that gives the user an
> opportunity to download the free i-Nav plug-in. The page will also
> allow the user to navigate to the corresponding IDN web site via an
> HTTP redirect. If the contents of the Host header cannot be matched
> to an IDN registered in the Testbed, the web server will return an
> HTTP 404 response.

Oh? You mean the intended service for the client might not be HTTP? Oh
well, too bad.

The question is the scope here. If the .com servers start doing this
for *everything* in, say, .com, this is way out of line.

Thomas
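
The trigger rule quoted from the announcement, applied to wire-format query names so its scope can be checked name by name. This is an added example, not part of the original message and not VeriSign's implementation; it assumes uncompressed names and that "second-level label" means the label immediately left of com/net, and the sample names are constructed.

```python
# Added example: applies the trigger rule quoted from the announcement.
# Assumption: "second-level label" = the label immediately left of com/net.
TRIGGER_TLDS = {b"com", b"net"}   # zones named in the announcement
QTYPE_A, QTYPE_MX = 1, 15         # standard DNS RR type codes

def encode_name(labels):
    """Build an uncompressed wire-format name from raw label bytes."""
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def parse_qname(wire):
    """Split an uncompressed wire-format name into its raw labels."""
    labels, i = [], 0
    while True:
        if i >= len(wire):
            raise ValueError("name is truncated")
        length = wire[i]
        if length == 0:
            return labels
        if length > 63:
            raise ValueError("compression pointer or invalid label length")
        if i + 1 + length > len(wire):
            raise ValueError("label runs past end of buffer")
        labels.append(wire[i + 1:i + 1 + length])
        i += 1 + length

def triggers_synthesized_a(wire, qtype):
    """True if the quoted rule says a former NXDOMAIN now gets an A record."""
    labels = parse_qname(wire)
    if qtype != QTYPE_A or len(labels) < 2:
        return False
    tld, sld = labels[-1].lower(), labels[-2]
    return tld in TRIGGER_TLDS and any(octet > 127 for octet in sld)

# Constructed sample queries (not taken from the thread).
SAMPLES = [
    ("UTF-8 SLD under com", [b"b\xc3\xbccher", b"com"], QTYPE_A),
    ("host below UTF-8 SLD", [b"mail", b"b\xc3\xbccher", b"net"], QTYPE_A),
    ("ASCII-only SLD", [b"example", b"com"], QTYPE_A),
    ("high octet only in third-level label", [b"b\xc3\xbccher", b"example", b"com"], QTYPE_A),
    ("UTF-8 SLD, MX query", [b"b\xc3\xbccher", b"com"], QTYPE_MX),
    ("UTF-8 SLD outside com/net", [b"b\xc3\xbccher", b"org"], QTYPE_A),
]

def classify_samples():
    return {desc: triggers_synthesized_a(encode_name(l), t) for desc, l, t in SAMPLES}

if __name__ == "__main__":
    for desc, hit in classify_samples().items():
        print(f"{'A record' if hit else 'unchanged':9}  {desc}")
```

The second sample is the case the reply worries about: an A lookup for a non-web host name would receive the web farm's address.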