Lookup for reserved LDH labels
John C Klensin
klensin at jck.com
Wed Nov 7 08:14:55 CET 2012
Mark and Vint are correct. Two small details inline below.
--On Tuesday, 06 November, 2012 16:43 +0100 Marcos Sanz
<sanz at denic.de> wrote:
> Dear all,
> I had this small discussion with Mark and Markus and, despite
> our treefold homonymy, we couldn't get to common ground, so
> I've decided to get a reading of the standard directly from
> the IDNA2008 editors.
> According to my interpretation (cf. RFC 5891, Section 5) the
> lookup protocol relies on the assumption that names that are
> already present in the DNS are valid. And, in fact, I have a
> bunch of domains in my database with hyphens in the third and
> fourth position, so-called reserved LDH labels that are not
> XN-labels (s. nomenclature in RFC 5890, Section 22.214.171.124).
> Take for instance "ad--acta.de". My expectation would be that
> "Putative U-labels with any of the following characteristics
> MUST be rejected prior to DNS lookup:
> o Labels containing '--' (two consecutive hyphens) in the
> third and fourth character positions."
> On my side, I claim that that restriction simply does not
> apply because "ad--acta.de" is not a "putative U-label", in
> fact it is no U-label at all (cf. U-Label definition in RFC
> 5890, Section 126.96.36.199).
The term "putative U-label" was used precisely to cover the cast
of things that could not possibly be "U-labels". That includes
not only [valid] U-labels (if it isn't valid, it isn't a
U-label), but XN-- labels that aren't U-labels _and_ anything
else with "--" in the third and forth positions. The intent
--which I think actually goes back to IDNA2003 although I don't
have time to check right now-- is to reserve the entire family
of labels with hyphens in that position for special purpose use
with this and special protocols. The conformance rule is
essentially that one can either not support IDNA at all or, if
IDNA is supported, must not look up those labels with other
prefixes unless the prefix is standardized for some other use
that is also supported.
> Thus, the protocol should never fail on lookup for
> "ad--acta.de". Is that correct?
It is not. See above.
> * FWIW idnkit-2.2 works according to my expectations, ICU does
That is a bug in the former.
More information about the Idna-update