Unconditional punycode conversion

Vint Cerf vint at google.com
Wed Mar 9 21:31:12 CET 2011


if you are writing code that is supposed to handle internationalized domain
names, IDNA2008 is what you are supposed to follow. That means your code
DOES have to recognize the restricted LDH subset and reject any label of the
form "ab--" except "xn--" and in THAT case you have to make sure what
follows is a valid ACE encoding of an allowed Unicode string. An "IDNA2008"
label is a label that conforms to IDNA2008 constraints.

vint cerf

On Wed, Mar 9, 2011 at 3:21 PM, Simon Josefsson <simon at josefsson.org> wrote:

> Andrew Sullivan <ajs at shinkuro.com> writes:
> > On Wed, Mar 09, 2011 at 07:27:47PM +0100, Simon Josefsson wrote:
> >> My reading has been that RFC 5891 section 5 specify the steps needed to
> >> validate a domain name before it is looked up.  If there is no rule in
> >> there to invalidate "ab--cd" the label will be looked up.  Is this
> >> reading not the intended one?
> >>
> >
> > Ah, I get it.  RFC 5891 section 5 specifies the steps to look up an
> > _IDNA2008_ label.  This is called out in the Introduction:
> >
> >    IDNA applies only to a specific subset of DNS labels.  The base DNS
> >    standards [RFC1034] [RFC1035] and their various updates specify how
> >    to combine labels into fully-qualified domain names and parse labels
> >    out of those names.
> >
> >    This document describes two separate protocols, one for IDN
> >    registration (Section 4) and one for IDN lookup (Section 5).  These
> >    two protocols share some terminology, reference data, and operations.
> >
> > In other words, section 5 is only for the case where you have what you
> > think is an A-label or a U-label.  It doesn't restrict anything that
> > is _not_ an IDNA2008 label.  But it also isn't a protocol for those,
> > and it can't be because DNS labels are just octets for the purposes of
> > the protocol.
> This was not clear to me.  Section 5.1 and 5.2 gives the distinct
> impression that section 5 is about the _entire_ domain name process, for
> all kind of labels, from reading the label from the user to looking them
> up in the DNS.  Programs typically doesn't have separate input fields
> for LDH-labels and U-labels, so normal programs needs to be prepared for
> both.  So while section 5 gave me the impression that it covers all kind
> of domain name lookup processing, all the rules only applies to the
> subset of labels that contain non-ascii characters or looks like
> A-labels?  For improved clarity this point could be re-inforced in or
> after section 5.1 or 5.2 before the IDNA lookup algorithm is specified.
> Btw, technically what do you mean by a "IDNA2008 label"?  I can't find
> any definition of the term.
> Thanks,
> /Simon
> _______________________________________________
> Idna-update mailing list
> Idna-update at alvestrand.no
> http://www.alvestrand.no/mailman/listinfo/idna-update
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.alvestrand.no/pipermail/idna-update/attachments/20110309/75961000/attachment-0001.html>

More information about the Idna-update mailing list