Stop me if I've misunderstood...

Andrew Sullivan ajs at shinkuro.com
Thu Jul 9 23:27:47 CEST 2009 

On Thu, Jul 09, 2009 at 09:13:02PM +0000, Shawn Steele wrote:
 
> Hmm ;-) Let's see "microsoft.com", Microsoft.com, MICROSOFT.COM,
> MicroSoft.Com, MiCrOsOfT.CoM, I'm not gonna list 512 variations of
> "Microsoft" that don't compare equal in binary form, yet resolve to
> the same domain name.  

[…]

> I'd like to point out that the current draft approach is a bit
> hypocritical.  The draft says "Mapping is discouraged: your
> preferred display name doesn't matter, just use aaa.com instead of
> AAA.com".  It also says "ss changes: your display name matters
> enough that we'll break the β <-> ss behavior."

I'm not sure I agree with the above characterization.  In DNS, case
differences are preserved but not significant for matching.  So it's
not quite right that microsoft.com and MICROSOFT.COM "don't compare
equal in binary form".  The protocol is quite specific that they _do_
in fact compare equal, even though they happen to have different 0x20
bits on the octets.  This isn't a mapping in the sense that we're
talking about in the current work, and I want to be sure we don't
paper over the difference here.

As a matter of actual implementation, however, it's worth noting that
in just about every real implementation in the wild, the server uses
the form of the name _as supplied by the user_.  For instance:

dig -t ns MiCroSoFT.COm

; <<>> DiG 9.4.2 <<>> -t ns MiCroSoFT.COm
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62469
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 5

;; QUESTION SECTION:
;MiCroSoFT.COm.			IN	NS

;; ANSWER SECTION:
MiCroSoFT.COm.		14400	IN	NS	ns3.msft.net.
MiCroSoFT.COm.		14400	IN	NS	ns4.msft.net.
MiCroSoFT.COm.		14400	IN	NS	ns5.msft.net.
MiCroSoFT.COm.		14400	IN	NS	ns1.msft.net.
MiCroSoFT.COm.		14400	IN	NS	ns2.msft.net.

;; ADDITIONAL SECTION:
ns1.msft.net.		716	IN	A	65.55.37.62
ns2.msft.net.		3571	IN	A	64.4.59.173
ns3.msft.net.		2820	IN	A	213.199.161.77
ns4.msft.net.		2820	IN	A	207.46.66.126
ns5.msft.net.		2137	IN	A	65.55.226.140

;; Query time: 21 msec
;; SERVER: 208.79.80.18#53(208.79.80.18)
;; WHEN: Thu Jul  9 21:24:33 2009
;; MSG SIZE  rcvd: 209

This is because most name servers use the compression trick and just
refer to the form that is in the question.  (The question before dnsext
is in fact whether to mandate that behaviour.)  So I'm not sure how
much we can do about the display issues anyway.

A

-- 
Andrew Sullivan
ajs at shinkuro.com
Shinkuro, Inc.

More information about the Idna-update mailing list