Eszett and Final Sigma (was: Re: Consensus Call Tranche 8 Results)

John C Klensin klensin at jck.com
Wed Nov 5 22:05:35 CET 2008



--On Wednesday, 05 November, 2008 17:26 +0100 JFC Morfin
<jefsey at jefsey.com> wrote:

> At 14:55 05/11/2008, John C Klensin wrote:
>> Unless one argues that doubling the number of DNS queries
>> would have an insignificant operational effect, I'd assume
>> the latter would be operationally significant.
> 
> Not necessarily if doubling the number of DNS queries was a
> general security light load alternative to DNSSEC. Another
> possibility would be to increment the port or the class number
> when certain sequences are observed, in order to properly
> address the label, or to get it rejected. Another possibility
> would be to change the IDNA implementation architecture
> without affecting the protocol.

I am not sure I understand what you are proposing or whether we
both understand the words in the same way.  For example,
"increment the class [number]" implies a lookup in an entirely
different DNS tree, something that would raise interesting
issues in cache validity as well as ones about maintaining
parallel trees, presumed hits on both roots, etc.  My long-ago
"different Class" proposal was carefully designed to avoid some
of these problems and was probably still not sufficient.
Thinking about the implementation and operational details of
what you are suggesting (assuming we understand the words the
same way) gives me a headache.

I also don't have a clue about what it would mean to change "the
implementation architecture without affecting the protocol"
because, to me, the purpose of a standardized protocol is
precisely to specify the implementation architecture (although
typically not all of the implementation details).

    john





More information about the Idna-update mailing list