[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [secsac] RE: Verisign SiteFinder DNS trickery and IDN (Forwarded)

To: Bill Fenner <fenner@research.att.com>
Subject: Re: [secsac] RE: Verisign SiteFinder DNS trickery and IDN (Forwarded)
From: Patrik Fältström <paf@cisco.com>
Date: Wed, 15 Oct 2003 22:04:26 +0200
Cc: iab@ietf.org, iesg@ietf.org
In-reply-to: <200310151551.h9FFpaS11865@windsor.research.att.com>
References: <20031014160118.457F57B43@berkshire.research.att.com> <9A7A8794-FE7F-11D7-9CE0-000A959CF516@cisco.com> <200310151551.h9FFpaS11865@windsor.research.att.com>

On 15 okt 2003, at 17.51, Bill Fenner wrote:

I don't get it - how come returning sitefinder for
ToAscii(feññer.com) where feññer.com hasn't been
registered is worse than returning sitefinder for fenner.com
where fenner.com hasn't been registered?

If your client doesn't implement ToAscii(feññer.com) correctly you will end up in sitefinder instead of getting NXDOMAIN when you have registered the correct ToAscii(feññer.com).

My view is that to find that your client is doing the wrong thing, NXDOMAIN is a better signal than sitefinder. Else, the fact that you end up in sitefinder will be a general signal that something is broken.

paf

References:
- [secsac] RE: Verisign SiteFinder DNS trickery and IDN (Forwarded)
  - From: Steve Bellovin <smb@research.att.com>
- Re: [secsac] RE: Verisign SiteFinder DNS trickery and IDN (Forwarded)
  - From: Patrik Fältström <paf@cisco.com>
- Re: [secsac] RE: Verisign SiteFinder DNS trickery and IDN (Forwarded)
  - From: Bill Fenner <fenner@research.att.com>

Prev by Date: Comment on draft-bless-diffserv-multicast-07
Next by Date: Agenda and Package for October 16, 2003 Telechat
Previous by thread: Re: [secsac] RE: Verisign SiteFinder DNS trickery and IDN (Forwarded)
Next by thread: mailing lists for pre-BoFs?
Index(es):
- Date
- Thread