Nicolas Williams Nicolas.Williams at oracle.com
Thu Jun 17 23:07:57 CEST 2010

On Thu, Jun 17, 2010 at 09:02:09PM +0000, Shawn Steele wrote:
> > The point is that there are going to be a variety of cases all of
> > which have to be handled on a case-by-case basis.
> Yes, but I'd like to encourage the case-by-case to try to avoid
> punycode when possible.  IMO it's better to say "let's use UTF-8 in
> this 8 bit slot" rather than "let's jam in punycode because it's
> easy."  Both require updates to the system..

On the one hand, I agree: ACE leakage into UIs is bad, therefore ACE
avoidance is good.

On the other hand I disagree: non-A-label leakage into IDN-unaware
domainname slots (in APIs, protocols, on-disk formats) is a bad thing.

In the long-term I think the latter is less bad than the former, but in
the short-term I think the latter is worse than the former.

In terms of protocol specifications, what really matters is that we
provide the correct guidance and that implementors heed it.  If
implementors don't heed the guidance we provide then things break
anyways, in which case which is the lesser evil: ACE leakage into UIs or
non-ASCII leakage into IDN-unaware domainname slots?


More information about the Idna-update mailing list