[Technical Errata Reported] RFC5890 (4695)

RFC Errata System rfc-editor at rfc-editor.org
Tue May 17 17:58:00 CEST 2016 

The following errata report has been submitted for RFC5890,
"Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=5890&eid=4695

--------------------------------------
Type: Technical
Reported by: Juan Altmayer Pizzorno <juan at sparkpost.com>

Section: 2.3.2.1

Original Text
-------------
expansion of the A-label form to a U-label may produce strings that are
much longer than the normal 63 octet DNS limit (potentially up to 252
characters)

Corrected Text
--------------
expansion of the A-label form to a U-label may produce strings that are
much longer than the normal 63 octet DNS limit (potentially up to 59
Unicode code points or 236 octets)

Notes
-----
The contents of U-labels are encoded in the up to 59 ASCII characters (see 2.3.2.1 itself)
output by the Punycode algorithm in their corresponding A-labels.  The Punycode
decoder (https://tools.ietf.org/html/rfc3492#section-6.2) consumes at least one
of those ASCII characters for each code point inserted into the U-label. An U-label,
thus, can contain at the most 59 Unicode code points.

Since U-labels are defined (in 2.3.2.1) to be expressed in a standard Unicode Encoding
Form, and UTF-32, UTF-16 and UTF-8 (as revised by RFC3629) all can encode a code
point in at most 4 octets, 236 octets is an upper bound for an U-label's length.

I think it should be possible to derive a tighter bound, but its rationale would likely be
less straighforward.

I imagine the number 252 was originally derived by multiplying 63, the maximum
length of an A-label (including the "xn--" prefix), by 4, the maximum number of
octets needed to represent a code point.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party (IESG)
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC5890 (draft-ietf-idnabis-defs-13)
--------------------------------------
Title               : Internationalized Domain Names for Applications (IDNA): Definitions and Document Framework
Publication Date    : August 2010
Author(s)           : J. Klensin
Category            : PROPOSED STANDARD
Source              : Internationalized Domain Names in Applications (Revised)
Area                : Applications
Stream              : IETF
Verifying Party     : IESG

More information about the Idna-update mailing list