Making progress on the mapping question
Andrew Sullivan
ajs at crankycanuck.ca
Mon Mar 30 18:35:56 CEST 2009
I'm quite distracted right now by something else, so this is very quick.
On Mon, Mar 30, 2009 at 11:19:55AM -0400, John C Klensin wrote:
>
> (b) "If a domain name is found" turns out to be slightly
> ambiguous because one can have either "no label at that node" or
> "label found, but no record of the type requested". I believe
Right. I think what you strictly want is an empty answer section with
Name Error, not an empty answer section with no error. The latter
means there's something else at that node name.
We also will need some sort of security considerations discussion
about what happens when the two different names have different RRs at
them. There is real potential for a mess in that corner case. At
higher level domain names, I'm not too worried, because I think large
delegation centric domains will know how to put together policies to
prevent that. But lower in the tree, where people do things like edit
zone files with $EDITOR, I can certainly envision problems.
> least that label, are IDNA2008-capable. That would mean that
> finding a label at the node, regardless of whether the
> particular QTYPE has any value, would stop the search.
A good way to show yourself how all of this will work is to query for
AAAA records at a name where you know there are only As, and where you
know there isn't anything.
> (c) The above would imply that we apply _all_ IDNA2003 mappings
> and lookups if the IDNA2008 lookup of (1) fails.
This possibility is indeed worrisome. It's important, whatever we do,
to avoid any hint of attempting to write policies for IDNA2003 zone
operators, I think.
A
--
Andrew Sullivan
ajs at crankycanuck.ca
More information about the Idna-update
mailing list