[Technical Errata Reported] RFC5890 (4695)
Juan Altmayer Pizzorno
juan at sparkpost.com
Wed Sep 28 15:44:03 CEST 2016
Hi!
I think it would be good to move these errata ahead, be it as
“verified” or with alternate wording: the issue of the required
buffer sizes came up while my team implemented SMTPUTF8, and these
(incorrect) sizes given in the RFC created confusion.
.. Juan
> On May 22, 2016, at 2:40 AM, Martin J. Dürst <duerst at it.aoyama.ac.jp> wrote:
>
> [What I say below also applies to erratum 4696. If it's desirable to reply to that with the same comment, please let me know.]
>
> I believe that Juan is essentially right.
>
> This has come up before before, and possibly already noted by John Klensin for fixing in an eventual update.
>
> I provided some more detailed calculations with examples in the mail to idna-update at alvestrand.no with the following identifying details:
> Message-ID: <4AACA7E6.1070503 at it.aoyama.ac.jp>
> Date: Sun, 13 Sep 2009 17:05:58 +0900
>
> Unfortunately, when I currently try to access the archive at
> http://www.alvestrand.no/pipermail/idna-update/ from https://www.ietf.org/wg/concluded/idnabis.html, I get the following:
>
> ----
> Forbidden
>
> You don't have permission to access /pipermail/idna-update/ on this server.
>
> Apache/2.4.7 (Ubuntu) Server at www.alvestrand.no Port 80
> ----
>
> I have cc'ed Harald in the hope that the archive can be fixed soon.
>
>
> I'm coping the relevant part of that mail here:
>
> >>>>>>>>
> Here are my calculations. After a few tests, one finds out that punycode
> uses a single 'a' to express 'one more of the same character'. The
> question is then how many characters it takes punycode to express the
> first character. Expressing that first character takes more and more
> punycode characters as its Unicode number gets higher, so one has to
> test with the smallest Unicode character that needs a certain number of
> bytes in UTF-8. Going through lengths 1,2,3, and 4 per character in
> UTF-8, we find:
>
> 1 octet per character in UTF-8:
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.org gives
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.org
> and has 63 characters, so 63 octets in UTF-8, 126 octets in UTF-16, and
> 252 octets in UTF-32.
>
> 2 octets per character in UTF-8:
> ¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢.org gives
> xn--8aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.org
> and has 58 characters, so 116 octets in UTF-8, 116 octets in UTF-16, and
> 232 octets in UTF-32. 59 seems possible in theory, but impossible in
> practice.
>
> ँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँँ.org (using the currently lowest encoded character that needs 3 bytes,
> U+0901, DEVANAGARI SIGN CANDRABINDU), gives
> xn--h1baaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.org
> and has 57 characters, so 171 octets in UTF-8, 114 octets in UTF-16, and
> 228 octets in UTF-32. Please note that even characters in the U+0800
> range would need that much, because already a character such as 'ü'
> needs that much.
>
> Trying to assess how many characters one could use of
> 𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀𐌀.org
> (using U+10300, OLD ITALIC LETTER A, the lowest character in Unicode 3.2
> that needs 4 bytes in UTF-8) gives
> xn--097caaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.org
> and has 56 characters, so 224 octets in UTF-8, 224 octets in UTF-16, and
> 224 octets in UTF-32.
>
> Overall, we get a maximum label length in octets of 252 octets for
> UTF-32 (with US-ASCII), and 224 octets in UTF-8 and UTF-16 (with Old
> Italic and the like).
> >>>>>>>>
>
> Regards, Martin.
>
> On 2016/05/18 00:58, RFC Errata System wrote:
>> The following errata report has been submitted for RFC5890,
>> "Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework".
>>
>> --------------------------------------
>> You may review the report below and at:
>> http://www.rfc-editor.org/errata_search.php?rfc=5890&eid=4695
>>
>> --------------------------------------
>> Type: Technical
>> Reported by: Juan Altmayer Pizzorno <juan at sparkpost.com>
>>
>> Section: 2.3.2.1
>>
>> Original Text
>> -------------
>> expansion of the A-label form to a U-label may produce strings that are
>> much longer than the normal 63 octet DNS limit (potentially up to 252
>> characters)
>>
>> Corrected Text
>> --------------
>> expansion of the A-label form to a U-label may produce strings that are
>> much longer than the normal 63 octet DNS limit (potentially up to 59
>> Unicode code points or 236 octets)
>>
>> Notes
>> -----
>> The contents of U-labels are encoded in the up to 59 ASCII characters (see 2.3.2.1 itself)
>> output by the Punycode algorithm in their corresponding A-labels. The Punycode
>> decoder (https://tools.ietf.org/html/rfc3492#section-6.2) consumes at least one
>> of those ASCII characters for each code point inserted into the U-label. An U-label,
>> thus, can contain at the most 59 Unicode code points.
>>
>> Since U-labels are defined (in 2.3.2.1) to be expressed in a standard Unicode Encoding
>> Form, and UTF-32, UTF-16 and UTF-8 (as revised by RFC3629) all can encode a code
>> point in at most 4 octets, 236 octets is an upper bound for an U-label's length.
>>
>> I think it should be possible to derive a tighter bound, but its rationale would likely be
>> less straighforward.
>>
>> I imagine the number 252 was originally derived by multiplying 63, the maximum
>> length of an A-label (including the "xn--" prefix), by 4, the maximum number of
>> octets needed to represent a code point.
>>
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party (IESG)
>> can log in to change the status and edit the report, if necessary.
>>
>> --------------------------------------
>> RFC5890 (draft-ietf-idnabis-defs-13)
>> --------------------------------------
>> Title : Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework
>> Publication Date : August 2010
>> Author(s) : J. Klensin
>> Category : PROPOSED STANDARD
>> Source : Internationalized Domain Names in Applications (Revised)
>> Area : Applications
>> Stream : IETF
>> Verifying Party : IESG
>>
>> _______________________________________________
>> Idna-update mailing list
>> Idna-update at alvestrand.no
>> http://www.alvestrand.no/mailman/listinfo/idna-update
>>
More information about the Idna-update
mailing list