SASLprep200x

John C Klensin klensin at jck.com
Fri Jan 12 19:10:31 CET 2007



--On Friday, 12 January, 2007 18:00 +0100 Patrik Fältström
<patrik at frobbit.se> wrote:

> On 10 jan 2007, at 17.55, Erik van der Poel wrote:
> 
>> There is at least one hitch. How can a user agent
>> implementor/implementation know which registrar a registrant
>> used for a particular label in the registry?
> 
> They cannot. My point was: say that the registry for .SE
> accepts registrations both in the language Swedish and the
> language Yiddish. This implies two different scripts. I
> presume there will be registrars that will only be able to
> handle the Latin script, and because of that not registrations
> in Yiddish.

Erik,

More soon (in I-D form), but this is the robustness principle in
disguise.  For things to work, Registries must have sensible
policies about what is registered -- conservative policies -- and
implement and enforce them.  Registries who don't do so, or who
get too liberal, too greedy, or too weird will mostly need to be
punished in the marketplace or by consumer protection rules or
legislation.  One can debate whether "punishment by browser
vendor" is an effective marketplace tool or not.  But, in any
event, the Protocol Police are going to be worth about as much
here as they usually are -- i.e., very little -- simply because,
unlike the marketplace and legal and regulatory mechanisms, they
have no enforcement power.

Conversely, resolvers can (and SHOULD or maybe MUST) reject
label strings that clearly violate global rules (no one serious
has ever claimed that being liberal in what is accepted requires
being stupid).  However, once one gets past such global rules
into anything script or locale sensitive, they are going to need
to assume that registries haven't put garbage into the DNS,
i.e., they must be liberal about what they are willing to
look up in the DNS rather than guessing about whether it should
have been permitted to be registered.  As with other things, if
something doesn't resolve, it makes no difference whether it
simply wasn't registered or was prohibited by some rule.

If resolvers, as a UI matter, decide to warn about some strings
that are valid under the global rules but that they perceive as
dangerous, that is their prerogative and we can only hope that
the market (and maybe regulators) reward the good choices and
punish the bad ones.  IMO, a resolver that decides a string
that is valid under the protocol is dangerous and refuses to
look it up is in violation of the protocols; one that is willing
to look something up, but warns against it, is exercising a UI
choice.

   -- John "Three layers ought to be enough; much more smells of
politics and bad compromises" Klensin


