Lookup for reserved LDH labels

Simon Josefsson simon at josefsson.org
Wed Nov 7 09:51:05 CET 2012


Marcos Sanz <sanz at denic.de> writes:

> Thus, the protocol should never fail on lookup for "ad--acta.de". Is that 
> correct?

I believe the intention is that it should fail, however the lookup
specification has an issue here.

The problem is that any implementation that takes an all-ASCII string
(like "foo" or "ad-acta") and follows the steps in section 5 of RFC 5891
will (if the string is permitted for lookup) end up with a
Punycode-encoded string.  For example, the input "foo" will be converted
into "xn--foo-".

To avoid this problem, I suspect implementers typically check whether
the input is all ASCII before proceeding with the section 5 stuff.  This
has the side effect that your string will be permitted.

One way to resolve this is to modify section 5.5 in RFC 5892 like this:

OLD:
   The string that has now been validated for lookup is converted to ACE
   form by applying the Punycode algorithm to the string and then adding
   the ACE prefix ("xn--").

NEW:
   Any string that has now been validated for lookup and contains
   Unicode code points is converted to ACE form by applying the Punycode
   algorithm to the string and then adding the ACE prefix ("xn--").
   Strings containing only ASCII characters MUST NOT be Punycode
   encoded.

/Simon
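
The behaviour discussed in this message, as an added example that is not part of the original post or of any IDNA library: always encoding turns "foo" into "xn--foo-", an ASCII short-circuit lets "ad--acta" through, and a strict variant applies the hyphen check before the ASCII rule of the NEW text. All function names are hypothetical, the sample labels are constructed, and letting input that already carries the ACE prefix pass is an assumption.

```python
# Added illustration. Function names are hypothetical and this is not a full
# IDNA2008 lookup (no NFC, code point or Bidi checks).
ACE_PREFIX = "xn--"


def has_reserved_hyphens(label: str) -> bool:
    """True when the label has "--" in the third and fourth positions."""
    return label[2:4] == "--"


def encode_always(label: str) -> str:
    """Literal reading of the OLD text: Punycode-encode, then add the prefix."""
    return ACE_PREFIX + label.encode("punycode").decode("ascii")


def lookup_with_shortcut(label: str) -> str:
    """All-ASCII input skips the section 5 steps entirely."""
    if label.isascii():
        return label  # "ad--acta" passes through unchecked
    return encode_always(label)


def lookup_strict(label: str) -> str:
    """Hyphen check on every label, then the NEW text's ASCII rule.

    Assumption: input that already carries the ACE prefix is let through
    as an A-label; a real implementation would validate it separately.
    """
    if has_reserved_hyphens(label) and not label.lower().startswith(ACE_PREFIX):
        raise ValueError(f"reserved LDH label rejected: {label!r}")
    if label.isascii():
        return label  # ASCII labels are never Punycode-encoded
    return encode_always(label)


if __name__ == "__main__":
    for sample in ("foo", "ad-acta", "ad--acta", "bücher"):  # constructed inputs
        try:
            strict = lookup_strict(sample)
        except ValueError as exc:
            strict = f"error: {exc}"
        print(sample, encode_always(sample), lookup_with_shortcut(sample), strict)
```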

