DNSSEC + IDN + INDccTLD

Andrew Sullivan ajs at commandprompt.com
Tue Sep 2 15:20:13 CEST 2008


On Mon, Sep 01, 2008 at 04:00:44PM +0200, JFC Morfin wrote:

> It seems to mean that deploying IDN will call for an EDNS0 
> promotion/installation campaign that will also support DNSSEC, while 

EDNS0 has been around for over 10 years now.  A recent quick study,
performed in the bar in the Dublin meeting by Joe Abley and Shane
Kerr, suggests that EDNS0 penetration is better than we might imagine
(it was presented in Dublin, also, and there's an active draft about
it).  Moreover, there's reason to suppose that in areas where EDNS0
have poor penetration, upgrades by just a few very significant
operators could change this state of affairs pretty quickly.  But in
any case, I don't think that this is the forum to discuss those
matters.  The natural place to do so would probably be dnsop.

> already motivated users. Would it not be the best time to consider an 
> EDNS1 version offering as well a simpler, clearer, cheaper and more 
> robust innovative support of Unicode domain names and may be other features?

I'm the co-chair of the DNS Extensions working group.  I think the
right term is going to be EDNSn, n>1, but in any case, if you have a
full proposal, please write an Internet Draft and propose that people
in the DNS Extensions working group consider it.  Please note that it
did take a very long time to get fairly wide EDNS0 deployment -- and
we're clearly not there yet, despite Joe and Shane's quick study.
Note also that EDNS0 is completely backward compatible with non-EDNS0
implementations, and unless you're proposing something similar for
your proposed EDNSn, it will go nowhere.

A 

-- 
Andrew Sullivan
ajs at commandprompt.com
+1 503 667 4564 x104
http://www.commandprompt.com/


More information about the Idna-update mailing list