baking into the protocol

John C Klensin klensin at jck.com
Fri Dec 22 14:49:27 CET 2006



--On Thursday, 21 December, 2006 20:19 +0900 Martin Duerst
<duerst at it.aoyama.ac.jp> wrote:

>> I stand by my caveat. I don't see a better or safer solution.

> The safest Internet is one where nobody is connected.
> The safest IDN standard is one that disallows everything.
> We all clearly don't want that. What I want is to make sure
> that we don't cut off things that we don't need to cut off.

I would have said "don't cut off things that have value and that
we don't need to cut off", but I think we agree (again).

Put differently, IDNs are a risk.  The DNS is much safer and
more secure with LDH characters only.  It would be even more
safe and secure if we eliminated the hyphen, the digit zero, and
the lower-case "L", but no one seriously recommends imposing
those restrictions in the name of security.  As soon as we move
into the IDN space, we start making decisions about tradeoffs --
tradeoffs among security, usability, user expectations, and so
on.  If one goes looking for a "safer solution", considering
that an absolute, then the path leads rather swiftly to "no
IDNs" even if it does not quite reach "no connections".

    john




