Re: [DNSOP] new draft about idn tld variants implementation
> comments are welcome. thanks.
There are, in my opinion, two problems with the DNAME
method that affect the application layer that are rarely mentioned. Perhaps
this is because I am wrong about them and they are not real problems, so
feedback would be useful.
1. "Host:" headers
If a registry (or other parent zone) unilaterally
adds DNAME records that alias a new IDN label to a current ccTLD style
ASCII label, application servers which are only configured to accept requests
for the ASCII form of the label will reject requests made using the IDN
form.
i.e. if your Apache server is configured with:
ServerName www.cnnic.cn
it will reject requests for www.cnnic.中国
unless the appropriate ServerAlias is also configured.
2. SSL Subject Names
Similarly an SSL request for the IDN version of a
domain name will fail unless the SSL certificate also includes a "Subject
Alternate Name" for the IDN version.
Whilst the same problems can also occur with the NS
method, I believe that the risk for confusion is much reduced if the creation
of each IDN label is controlled by the domain owner, and not done automatically
by the parent.
The domain owner can then make the choice for themselves
whether to support both IDNs and ASCII labels, and configure their web
servers etc appropriately.
kind regards,
Ray
--
Ray Bellis, MA(Oxon) MIET
Senior Researcher in Advanced Projects, Nominet
e: ray at nominet.org.uk, t: +44 1865 332211
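
Added example, not part of the original message: a small check of both points above, which derives the name a parent-zone DNAME would create for an existing host and tests it against the web server's configured names and the certificate's dNSName entries. The function names and the sample inputs are assumptions made for illustration; wildcard handling follows the usual rule that "*" in a certificate covers a single leftmost label.

```python
from fnmatch import fnmatchcase

def to_alabel(name: str) -> str:
    """ASCII (A-label) form of a name, as sent in Host: and TLS SNI."""
    return name.rstrip(".").encode("idna").decode("ascii").lower()

def dname_variant(host: str, owner: str, target: str) -> str:
    """Name below the DNAME owner that resolves to `host` below the target."""
    host, owner, target = to_alabel(host), to_alabel(owner), to_alabel(target)
    if not host.endswith("." + target):
        raise ValueError(f"{host} is not below {target}")
    return host[: -len(target)] + owner

def vhost_names_match(name: str, server_name: str, server_aliases=()) -> bool:
    """True if `name` equals ServerName or matches a ServerAlias pattern."""
    name = to_alabel(name)
    patterns = [to_alabel(server_name)] + [to_alabel(a) for a in server_aliases]
    return any(fnmatchcase(name, p) for p in patterns)

def cert_covers(name: str, san_dns_names) -> bool:
    """True if a dNSName SAN matches; '*' stands for one leftmost label only."""
    labels = to_alabel(name).split(".")
    for san in san_dns_names:
        pat = to_alabel(san).split(".")
        if len(pat) == len(labels) and pat[1:] == labels[1:] \
                and pat[0] in ("*", labels[0]):
            return True
    return False

def audit(host, owner, target, server_name, server_aliases, sans) -> dict:
    """Check the DNAME-created variant of `host` against vhost and cert names."""
    variant = dname_variant(host, owner, target)
    return {
        "variant": variant,
        "host_header_ok": vhost_names_match(variant, server_name, server_aliases),
        "certificate_ok": cert_covers(variant, sans),
    }

if __name__ == "__main__":
    # Constructed sample: the ServerName from the message, no alias, ASCII-only SAN.
    print(audit("www.cnnic.cn", "中国", "cn", "www.cnnic.cn", [], ["*.cnnic.cn"]))
    # Same server after the owner adds the variant as ServerAlias and SAN.
    v = "www.cnnic.中国"
    print(audit("www.cnnic.cn", "中国", "cn", "www.cnnic.cn", [v], ["www.cnnic.cn", v]))
```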