referencing IDNA2008 (and IDNA2003?)

Andrew Sullivan ajs at
Fri Oct 22 16:48:55 CEST 2010

On Fri, Oct 22, 2010 at 10:29:19AM -0400, Vint Cerf wrote:
> andrew,
> we were pretty explicit that the algorithm that produces A-labels
> produces only lower case. check with John Klensin.

I remember talking about it, and I remember this being an issue
because Punycode does not actually require lower case.  But I can't
put my fingers on the text where it says this right now.  I haven't
looked that hard, however.

The reason I haven't looked hard is that it doesn't matter.  There is
absolutely no way we can enforce any restriction in the DNS that
requires the label to remain lower case.  Though DNS is supposed to be
ASCII-case-preserving but ASCII-case-insensitive, the plain fact is
that not every implementation does this, or does it correctly.  (I
recall quite clearly pointing this out during the WG discussions,
because some implementations use compression pointers to the original
query string and therefore get whatever was asked by an application.)
Applications can put their LDH queries in _in any case at all_ and
have them work.  An IDNA2008-unaware stack with an IDNA2008-aware
application above might do anything, including converting everything
in the label to upper case (try logging into an old-fashioned UNIX
console with the caps lock on.  You'll do a lookup for XN--SOMETHING
no matter what you intend).  If it does that, and happens to query
through a caching name server, the upper case form will persist in the
cache.  You still have to treat that label as matching the lower case
U-label.  We couldn't do all this above the DNS if you didn't have to.

The case-preserving, case-insensitive feature of DNS was, in my
opinion, a grave error.  But it's an error we have to live with
forever if we're going to continue using DNS.  You simply cannot build
a case-sensitive layer atop the DNS if any of the US-ASCII code points
in the labels you want to use are themselves to be case sensitive.  If
you want to do something clever like Punycode, only for the entire
Unicode range (i.e. including that which overlaps with US-ASCII) so
that you never have a transparent map between the DNS name and the
user-presented name, then you have the possibility of introducing case
sensitivity to the naming system (but not the DNS).  Otherwise, you're
out of luck.


Andrew Sullivan
ajs at
Shinkuro, Inc.

More information about the Idna-update mailing list