Unconditional punycode conversion

Andrew Sullivan ajs at shinkuro.com
Wed Mar 9 19:35:48 CET 2011

On Wed, Mar 09, 2011 at 07:27:47PM +0100, Simon Josefsson wrote:
> My reading has been that RFC 5891 section 5 specify the steps needed to
> validate a domain name before it is looked up.  If there is no rule in
> there to invalidate "ab--cd" the label will be looked up.  Is this
> reading not the intended one?

Ah, I get it.  RFC 5891 section 5 specifies the steps to look up an
_IDNA2008_ label.  This is called out in the Introduction:

   IDNA applies only to a specific subset of DNS labels.  The base DNS
   standards [RFC1034] [RFC1035] and their various updates specify how
   to combine labels into fully-qualified domain names and parse labels
   out of those names.

   This document describes two separate protocols, one for IDN
   registration (Section 4) and one for IDN lookup (Section 5).  These
   two protocols share some terminology, reference data, and operations.

In other words, section 5 is only for the case where you have what you
think is an A-label or a U-label.  It doesn't restrict anything that
is _not_ an IDNA2008 label.  But it also isn't a protocol for those,
and it can't be because DNS labels are just octets for the purposes of
the protocol.

But, if you are in an IDNA context and you get ab--cd, you should
reject it because it's not well-formed input.


Andrew Sullivan
ajs at shinkuro.com
Shinkuro, Inc.

More information about the Idna-update mailing list