Changing the xn-- prefix
Harald Tveit Alvestrand
harald at alvestrand.no
Tue Mar 18 20:06:20 CET 2008
Simon Josefsson skrev:
> Harald Tveit Alvestrand <harald at alvestrand.no> writes:
>
>
>> Simon,
>>
>> Simon Josefsson skrev:
>>
>>> I note that using a new prefix instead of xn-- would avoid this problem.
>>> Specifications and implementations that use IDNA2003 continue to use
>>> xn-- and will work fine within its limitations. New specifications and
>>> implementations that support IDNABIS will use another prefix and also
>>> work fine.
>>>
>>> I'm not suggesting we adopt this approach, but I haven't
>>> seen the disadvantages of changing the prefix clearly expressed yet.
>>>
>>> There is a cost in maintaining both IDNA2003 and IDNABIS encodings of
>>> strings during a transition-period. Whether that cost is higher or
>>> lower than the complexity in re-using the old prefix for something that
>>> won't be fully backwards compatible is not clear to me.
>>>
>>>
>> section 9.3.3 of draft-klensin-idnabis-issues-07 tries to describe (in
>> just a few sentences) the cost drivers that (I think) makes a prefix
>> change a very expensive proposition, both in terms of work for the DNS
>> operators and in terms of ongoing execution-time costs of application.
>>
>> That argument convinced me; if you find any part of that unclear, or
>> disagree with the conclusions, feedback on the text would be welcome.
>>
>
> The section didn't convince me. It seems to repeatedly assert that the
> costs are "considerable" without going into technical details.
>
> There are some claims that look substantive:
>
> Even if they wanted to do so, all registries could not convert all
> IDNA2003 ("xn--") registrations to a new form at the same time
>
> I don't see why registries would need to convert anything at the same
> time? Supporting IDNABIS will be a gradual process for the few
> registries that support IDNA2003 today. I don't think any registry will
> support IDNABIS the same day it is published. There is no change
> everything at the same time.
>
> systems that needed to support both labels
> with old prefixes and labels with new ones would first process a
> putative label under the IDNA200X rules and try to look it up and
> then, if it were not found, would process the label under IDNA2003
> rules and look it up again.
>
> IDNABIS could say that for backwards compatible reasons, when you create
> a domain xp--foo in your zone (for some non-ASCII string), the software
> needs to make sure there is a xn--foo for the corresponding IDNA2003
> name too, if there is an equivalent IDNA2003 name.
>
> Yes, this require some special text intended for people creating and
> maintaining zone files. However, such text is need anyway. The process
> of populating a zone file for non-ASCII domains is complicated and there
> are many fine details that cause problems.
>
So you agree that there is a cost in supporting both xn-- and xp--
versions of all IDN labels (and, of course, xn-- and xp-- versions of
the zones when the names are non-terminal labels), but you disagree that
this cost will be significant.
Did I interpret your statement correctly?
> That process could significantly slow down all processing that
> involved IDNs in the DNS especially since, in principle, a
> fully-qualified name could contain a mixture of labels that were
> registered with the old and new prefixes, a situation that would make
> the use of DNS caching very difficult.
>
> That is false for the CNAME approach.
>
What do you mean by the "CNAME approach"? (draft name?)
CNAMEs don't work for nonterminals - you need DNAMEs for that.
And I still don't understand how you avoid doing 2 lookups before you
conclude that a name really doesn't exist, no matter how many CNAMEs you
have lying around.
> In addition, looking up the same input string as two separate
> A-labels would create some potential for confusion and attacks, since
> they could, in principle, resolve to different targets.
>
> This threat doesn't seem applicable to the CNAME approach.
>
> I'm not proposing that we should change the prefix here, but I'd like to
> understand the disadvantages in doing so. There are some advantages:
>
> Other backwards incompatible changes appear to be considered at this
> point, such as using a newer Unicode version or changing how ß is
> handled. It will be simple to make those other backwards incompatible
> changes if we change the prefix.
Other thread.... but note that if incompatible changes are accepted,
they will also complicate the process of populating both the xn--
namespace and the xp-- namespace.
Harald
More information about the Idna-update
mailing list