Eszett and IDNAv2 vs IDNA2008

Andrew Sullivan ajs at shinkuro.com
Thu Mar 12 15:35:01 CET 2009


On Thu, Mar 12, 2009 at 10:15:39AM -0400, Eric Brunner-Williams wrote:
> 
> > ...  the various try-2008-fail-to-2003 strategies people have talked
> > about, which includes the two-lookup approach.  (That two-lookup
> > approach is indeed broken in principle, but it might be good enough
> > for a transition strategy.)
> >   

> I appreciate the desire to get the right answer the first time, but 
> "broken in principle" needs technical justification, specific to the 
> problem domain.

Someone -- I think it was Marcos?  anyway, apologies for not citing
correctly -- made the argument recently, but it bears repeating.  You
cannot ask the DNS two questions in two different transactions and
make the assumption that the state hasn't changed in the meantime.
Therefore, if you ask q1, get back an answer you didn't want, and then
ask q2 thinking that it can provide the answer instead of q1, you have
made a fundamental error: the answer you get to q2 is possibly from a
different state, and there is no way in principle for you to tell.
This is a direct consequence of the loose coherence of the DNS.

But, as I said, it might be good enough much of the time.  So, if we
have, "If lookup IDNA2008 form results in an empty answer, then lookup
the 'mapped' form from IDNA2003," we have a technically incorrect
idea: the reason you get the answer from the IDNA-mapped query _could_
be because the IDNA2008 (and a "bundled" form the registry provided
for backward compatibility) record was added to the DNS in between
your first and second queries.  Or maybe you ended up at a different
DNS server the second time.  Or something else.  It might nevertheless
be the least awful answer, if we assume that this is something we only
have to live with for (say) two generations of browser.  I know, I
know, some people are still using Netscape version 3, so there's an
infinitely long tail.  But the tip is so pointy that the hold-out
IDNA2003 users will end up in the DNS noise.  That's a trade-off worth
talking about.

A

-- 
Andrew Sullivan
ajs at shinkuro.com
Shinkuro, Inc.
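
An added illustration of the argument in the message above (not part of the original post or of any IDNA implementation): a toy resolver runs the try-2008-fail-to-2003 strategy against a stable zone and against a zone that changes between the two queries, and the client sees the same result in both. The `ToyDNS` class, the timeline, and the addresses are constructed, and the IDNA2008 form assumes a lowercase label in which ß is kept as-is.

```python
# Added illustration: toy zone and timeline are constructed, not real DNS data.

def idna2003_form(label):
    # Python's built-in "idna" codec implements IDNA2003; nameprep maps ß to "ss".
    return label.encode("idna").decode("ascii")

def idna2008_form(label):
    # Assumption: the label is already lowercase and IDNA2008 keeps ß, so the
    # A-label is just "xn--" plus the Punycode of the unmapped label.
    return "xn--" + label.encode("punycode").decode("ascii")

class ToyDNS:
    """Each query is its own transaction and sees the zone as of that moment."""
    def __init__(self, states):
        self.states = states      # list of {name: address}, one per point in time
        self.clock = 0
    def query(self, name):
        zone = self.states[min(self.clock, len(self.states) - 1)]
        self.clock += 1           # time passes between transactions
        return zone.get(name)     # None models an empty answer

def two_lookup(dns, label):
    """try-2008-fail-to-2003: returns (answer, form that produced it)."""
    answer = dns.query(idna2008_form(label))
    if answer is not None:
        return answer, "idna2008"
    return dns.query(idna2003_form(label)), "idna2003"

def run_scenarios(label="straße"):
    new, old = idna2008_form(label), idna2003_form(label)
    # Scenario 1: stable zone, only the mapped (IDNA2003) name is registered.
    stable = ToyDNS([{old: "192.0.2.1"}])
    # Scenario 2: neither name exists at q1; the registry adds the IDNA2008
    # name plus a bundled mapped name before q2.
    changing = ToyDNS([{}, {new: "192.0.2.1", old: "192.0.2.1"}])
    seen_stable = two_lookup(stable, label)
    seen_changing = two_lookup(changing, label)
    # What q1 would have returned had it been asked at the time of q2.
    q1_at_q2_time = changing.states[1].get(new)
    return seen_stable, seen_changing, q1_at_q2_time

if __name__ == "__main__":
    print(run_scenarios())
```

In both scenarios the client gets the same address via the IDNA2003 form, yet in the second one the IDNA2008 name did exist by the time the second query was answered, which the client has no way to observe.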

