Distributed configuration of "private" IDNA (Re: IDNA and getnameinfo() and getaddrinfo())

Shawn Steele Shawn.Steele at microsoft.com
Fri Jun 18 21:50:40 CEST 2010

Not "crapping out" is simple, the app can make a DNS request and see if something comes back.  It hardly matters if it matches all the DNS rules and dots it's i's and crosses it's t's if there no record to back it up.  It seems like it should be up to the app to decide if it's worth validating up-front, or allowing the failure to happen rather late.

If the application needs to do validation, then there should be a "CheckValidDomainName" API or something.  Applications shouldn't be doing those things themselves.  (If they did, then IDNA2003->IDNA2008 would require all apps be touched, not just whatever APIs they call.)  Email for example constantly gets complaints about apps inconsistently validating "valid" (but unusual) addresses.

Apps (& even other standards) should NOT be required to know how the bidi rules work and all that.  Instead they should point to an SDK to handle that (or standards should point to the standard), instead of rebuilding everything themselves.


 

From: Andrew Sullivan [ajs at shinkuro.com]
Sent: Friday, June 18, 2010 12:33 PM
To: Shawn Steele
Cc: cheshire at apple.com; idna-update at alvestrand.no; John C Klensin; Dave Thaler; Nicolas Williams
Subject: Re: Distributed configuration of "private" IDNA (Re: IDNA and  getnameinfo() and getaddrinfo())

On Fri, Jun 18, 2010 at 07:08:16PM +0000, Shawn Steele wrote:
> How often is data actually validated?  Often href's aren't (at least not when intially entered).  Applications just assume a domain name will resolve, and, if it doesn't, it fails then.

And of course, this blind acceptance of any data from any random place
in the Net including random evil humans has caused no trouble?  This
can't, surely, be the plan, even if it is in fact how things are done.
If you're going to insist on U-labels for interchange, you have _no
choice_ but to validate them as actually being U-labels, or they are
all but guaranteed to have crap in them that will never make it
through the IDNA2008 algorithms when it is finally time to do this.

I completely agree with you that it would be insane to require every
application to "do DNS".  But they can't handle domain name slots in
an "internationalized" way, and expect a standard interchange format
(with all its restrictions), but take whatever binary data they get
(or anyway, not reliably).


Andrew Sullivan
ajs at shinkuro.com
Shinkuro, Inc.

More information about the Idna-update mailing list