Comments on draft-ietf-idnabis-defs-10

Patrik Fältström patrik at frobbit.se
Mon Aug 31 08:24:38 CEST 2009


To reiterate, yes, I agree.

We also should remember, when fixing this, that ascii labels might  
swap casing in the DNS server for security reasons.

See draft-vixie-dnsext-dns0x20-00.txt

http://stupid.domain.name/ietf/draft-vixie-dnsext-dns0x20-00.txt

A-labels must because of this be lower cased before doing de-punycode.

Mumble...

    Patrik

On 31 aug 2009, at 08.09, Wil Tan wrote:

> Agreed. I just came to the same conclusion too.
>
> 2009/8/31 John C Klensin <klensin at jck.com>
>
>>
>>
>> --On Monday, August 31, 2009 07:10 +0200 Patrik Fältström
>> <patrik at frobbit.se> wrote:
>>
>>>
>>> On 31 aug 2009, at 07.05, Patrik Fältström wrote:
>>>
>>>> So, casefold of the ascii in the A-label only result in
>>>> casefold of the ascii in the U-label.
>>>
>>> Ok, after a gulp of coffee, I see your point.
>>>
>>> In the tables document we have the following:
>>>
>>>> 2.5. LDH (E) E:
>>>>
>>>>    cp is in {002D, 0030..0039, 0061..007A}
>>>
>>> That make for example 'F' illegal in an U-label.
>>>
>>> By changing this rule to the following, uppercase ASCII would
>>> be ok to have in an U-label.
>>>
>>> 2.5. LDH (E) E:
>>>
>>>     cp is in {002D, 0030..0039, 0041..005A, 0061..007A}
>>
>> But that would be a mistake, IMO, because it would result in
>> U-labels containing uppercase ASCII that produce different
>> A-labels from the same U-label with lowercase ASCII.  Those
>> A-labels would match in the DNS, which uses case-insensitive
>> comparison, but not in ordinary string comparisons (because they
>> are different).
>>
>> Put differently, that would give us a pair of U-labels that do
>> not compare equal on bitstring comparison (the only kind of
>> comparison defined for U-labels) but which produce equivalent
>> (although not identical) A-labels.  And, because of the
>> compression "feature", we would lose unambiguous symmetry of
>> A-labels and U-labels because, depending on where it came from,
>> a given A-label (and its DNS-equivalents) could produce
>> different U-labels.
>>
>> This would also imply that
>>  "Fältström" and "fältström"
>> would be valid U-labels but that "FÄLTSTRÖM" would not be
>> because Ä and Ö are both DISALLOWED.  I don't think we want to
>> go there.
>>
>>   john
>>
>>
>>
>> _______________________________________________
>> Idna-update mailing list
>> Idna-update at alvestrand.no
>> http://www.alvestrand.no/mailman/listinfo/idna-update
>>
>
>
>
> -- 
> Wil Tan
> CTO
> Cloud Registry <http://www.cloudregistry.net>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://www.alvestrand.no/pipermail/idna-update/attachments/20090831/6ff8c6b8/attachment.pgp 


More information about the Idna-update mailing list