Implementation questions (digressing from...)

Andrew Sullivan ajs at shinkuro.com
Wed Dec 24 17:43:31 CET 2008 

On Wed, Dec 24, 2008 at 07:51:23AM -0800, Erik van der Poel wrote:

> >From my point of view, this is a leap of faith. I.e. hoping that zone
> operators at all levels of the DNS (not just TLDs) will bundle (or
> block) for eszett/ss.

As I've already argued, you _have_ to have that faith if you want the
current proposed protocol approach to work.  That is, if we're going
to pull mappings out of the middle of the protocol and push them out
to the ends, on the grounds that different circumstances demand
different processing, then we have to accept what moving the mappings
entails.  One thing it entails is an opening for possibly foolish
behaviour on the part of zone operators.

This capacity for bad operation of a DNS zone is nothing new.
Significant portions of the DNS today only manage to operate because
of generous cache acceptance policies on the part of resolvers,
without which some zones would almost certainly go dark.  There are
warnings in the context of both CNAME and DNAMEs that long chains can
be made circular, and that you had better be pretty careful not to do
that; but operators still manage to do it.  I anticipate that there
will be operators who allow the "same" label spelled with "ss" and "ß"
to resolve to different hosts.  I think that will be too bad.  I also
think there is nothing we can really do about that in the proposed
protocol, without reopening the question of the deep assumption of
where mappings ought to happen.  We can't have this both ways.  

The best we can do is tell people to be careful, and suggest different
ways that they can do that.  I think DNAME is probably more
appropriate than CNAME in many but not all of these cases, for
instance.  Also, keep in mind that anything we insist on probably
brings with it more restrictions than maybe we want.  For instance, MX
records can't point at a CNAME.  Do we really think it a good idea to
open the DNS operation can of worms as part of our effort to settle on
this protocol?  Advice for what we think is sane is, I think, not a
bad idea.  But the closer we get to "SHOULD" or "MUST", the more I see
a bottomless rathole in our future.

A

-- 
Andrew Sullivan
ajs at shinkuro.com
Shinkuro, Inc.

More information about the Idna-update mailing list