Lookup for reserved LDH labels

John C Klensin klensin at jck.com
Wed Nov 7 08:14:55 CET 2012


Mark and Vint are correct.  Two small details inline below.

--On Tuesday, 06 November, 2012 16:43 +0100 Marcos Sanz
<sanz at denic.de> wrote:

> Dear all,
> I had this small discussion with Mark and Markus and, despite
> our threefold homonymy, we couldn't get to common ground, so
> I've decided to get a  reading of the standard directly from
> the IDNA2008 editors.
> According to my interpretation (cf. RFC 5891, Section 5) the
> lookup  protocol relies on the assumption that names that are
> already present in  the DNS are valid. And, in fact, I have a
> bunch of domains in my database  with hyphens in the third and
> fourth position, so-called reserved LDH  labels that are not
> XN-labels (s. nomenclature in RFC 5890, Section
> Take for instance "ad--acta.de". My expectation would be that 
> "Putative U-labels with any of the following characteristics
> MUST be  rejected prior to DNS lookup:
> [...]
>  o  Labels containing '--' (two consecutive hyphens) in the
> third and  fourth character positions."
> On my side, I claim that that restriction simply does not
> apply because  "ad--acta.de" is not a "putative U-label", in
> fact it is no U-label at all  (cf. U-Label definition in RFC
> 5890, Section

The term "putative U-label" was used precisely to cover the cast
of things that could not possibly be "U-labels".  That includes
not only [valid] U-labels (if it isn't valid, it isn't a
U-label), but XN-- labels that aren't U-labels _and_ anything
else with "--" in the third and fourth positions.  The intent
--which I think actually goes back to IDNA2003 although I don't
have time to check right now-- is to reserve the entire family
of labels with hyphens in that position for special purpose use
with this and special protocols.  The conformance rule is
essentially that one can either not support IDNA at all or, if
IDNA is supported, must not look up those labels with other
prefixes unless the prefix is standardized for some other use
that is also supported.

> Thus, the protocol should never fail on lookup for
> "ad--acta.de". Is that  correct?

It is not.  See above.

> * FWIW idnkit-2.2 works according to my expectations, ICU does
> not.

That is a bug in the former.

best regards,
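
An added example, not part of the original message and not code from idnkit or ICU: a pre-lookup gate in Python that applies the rule discussed in this thread, rejecting any label with "--" in the third and fourth positions unless it carries the xn-- prefix. The function names are hypothetical, and the A-label check is only a Punycode round trip, on the assumption that full IDNA2008 validation happens elsewhere.

```python
import re

# LDH syntax (RFC 5890): letters, digits, hyphen; 1-63 octets; no edge hyphens.
_LDH = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def classify_label(label: str) -> str:
    """Classify one ASCII label with the RFC 5890 nomenclature."""
    if not _LDH.fullmatch(label):
        return "non-ldh"             # also covers empty and non-ASCII labels
    if label[2:4] != "--":
        return "nr-ldh"              # ordinary host name label
    if label[:2].lower() == "xn":
        return "xn-label"            # still has to validate as an A-label
    return "reserved-non-xn"         # e.g. "ad--acta": reserved, not IDNA


def xn_payload_roundtrips(label: str) -> bool:
    """Partial A-label check (assumption: full IDNA2008 validation is done
    elsewhere): the Punycode payload must decode to a string containing
    non-ASCII characters and re-encode to the same payload."""
    payload = label[4:].lower()
    try:
        decoded = payload.encode("ascii").decode("punycode")
        return (bool(decoded) and not decoded.isascii()
                and decoded.encode("punycode").decode("ascii") == payload)
    except ValueError:               # UnicodeError is a ValueError subclass
        return False


def lookup_allowed(name: str) -> bool:
    """Gate an ASCII-form host name before it is handed to the resolver."""
    for label in name.rstrip(".").split("."):
        kind = classify_label(label)
        if kind in ("non-ldh", "reserved-non-xn"):
            return False
        if kind == "xn-label" and not xn_payload_roundtrips(label):
            return False
    return True


if __name__ == "__main__":
    # Constructed sample names; "ad--acta.de" is the name from the thread.
    for name in ("example.de", "xn--mnchen-3ya.de", "ad--acta.de"):
        print(name, "->", "look up" if lookup_allowed(name) else "reject")
```

The gate is written for host names, so it also rejects non-LDH labels such as those starting with an underscore.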
