Another Transition Plan Proposal

Gervase Markham gerv at
Fri Dec 11 01:33:12 CET 2009

On 10/12/09 15:54, John C Klensin wrote:
> In the context of how I understand the DNS works, there is no
> "sit there".  Let's talk haß as an example first.  First
> of all, I'm not sure what "alias" means.

Thanks for the clue. Various things have now dropped into place. I must 
say I am somewhat surprised that the DNS has not evolved a way to say 
simply "this domain is actually that domain" - DNAME seems close, but 
not quite, that, as Vagellis mentioned in in what I now realise was his 
request for just this ability.

But my surprise has no bearing on the nature of reality :-)

> we can try to make an alias with DNAME.  But there we run into
> problems if the owner of actually expects
> (as distinct from to
> work, because http://haß won't work, at least without
> some other measures.

Can those measures be taken by the .com owner, or do they have to be 
taken by the haß registrant?

> Also note that, if "Mississippi" were a label in a domain
> concerned with German, any simple mechanical operation would be
> required to bundle with it, not only Mißißippi, but also
> Mißissippi and Missißippi because any one of the three of them
> might turn out to be the correct spelling.   As we have
> discovered with other situations in which variant bundling has
> been deployed, the combinations explode rather quickly -- the
> registry is not limited to dealing with one extra label per
> label that contains "ss".

I agree, although I do think the combinatorial explosion will be limited 
in practice. There are not many domains registered. And 
the Greeks and Cypriots may well decide that only bunding variants where 
the s precedes a hyphen or is at the end of the label may well cover a 
high enough % of cases.

> But, without that, "alias" turns out to be a complicated concept
> for which mere string substitution doesn't do the job... unless
> one is willing to have all of the strings thus generated produce
> lame delegations or pointers back to the registry, which are
> among the conditions your note assumes are to be avoided.

OK. So I guess what confuses me about this is that, in the context of 
IDN spoofing, there was a lot of talk of "bundling or blocking" variant 
forms. What did people mean when they said "bundling"? DNAME? Are we now 
back to the point that no-one really knows what "bundling" means?

> The difficulty, unfortunately, is that talking seriously about
> "aliases" as a means of bundling requires understanding those
> technical details.

Duly noted.

> See Cary's note for the other aspects of this.  While some
> domains have used variant-style bundling (more or less what you

Like e.g. here - what exactly do _you_ mean on a technical level by 
"variant-style bundling"? And how can't the same mechanism be used to do 
what I'm suggesting?

> Except one then starts permitting, e.g., ß in strings that have
> nothing to do with German and putting it in front of people who,
> absent other clues and seeing what they expect to see, might
> consider it visually confusable with Greek beta or even Latin
> "b".  Solving the transition problem by making a gift to the
> phishers does not seem to me to be optimal.

That is a very reasonable point, and well-made. :-/


More information about the Idna-update mailing list