[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [DNSOP] new draft about idn tld variants implementation

To: Ray.Bellis at nominet.org.uk
Subject: Re: [DNSOP] new draft about idn tld variants implementation
From: Mark Andrews <marka at isc.org>
Date: Fri, 16 Oct 2009 09:03:38 +1100
Cc: Yao Jiankang <yaojk at cnnic.cn>, dnsop at ietf.org
Delivered-to: dnsop at core3.amsl.com
In-reply-to: Your message of "Thu, 15 Oct 2009 14:43:52 BST." <OF239D6E1E.8748C878-ON80257650.004A25FE-80257650.004B6D89 at nominet.org.uk>
List-archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-help: <mailto:dnsop-request@ietf.org?subject=help>
List-id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-post: <mailto:dnsop@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
References: <004a01ca4d9a$9b866920$63c0ab73 at YaoJK> <OF239D6E1E.8748C878-ON80257650.004A25FE-80257650.004B6D89 at nominet.org.uk>
Sender: marka at isc.org

In message <OF239D6E1E.8748C878-ON80257650.004A25FE-80257650.004B6D89 at nominet.o
rg.uk>, Ray.Bellis at nominet.org.uk writes:
> > comments are welcome. thanks. 
> 
> There are, in my opinion, two problems with the DNAME method that affect 
> the application layer that are rarely mentioned.  Perhaps this is because 
> I am wrong about them and they are not real problems, so feedback would be 
> useful.
> 
> 1.  "Host:" headers
> 
> If a registry (or other parent zone) unilaterally adds DNAME records that 
> alias a new IDN label to a current ccTLD style ASCII label, application 
> servers which are only configured to accept requests for the ASCII form of 
> the label will reject requests made using the IDN form.
> 
> i.e. if your Apache server is configured with:
> 
>   ServerName www.cnnic.cn
> 
> it will reject requests for www.cnnic.中国 unless the appropriate 
> ServerAlias is also configured.

	So what?  And for www.cnnic.xn--xxxxx.  Once the DNAME is
	in place operators will put the alias in place. 

> 2.  SSL Subject Names
> 
> Similarly an SSL request for the IDN version of a domain name will fail 
> unless the SSL certificate also includes a "Subject Alternate Name" for 
> the IDN version.
> 
> Whilst the same problems can also occur with the NS method, I believe that 
> the risk for confusion is much reduced if the creation of each IDN label 
> is controlled by the domain owner, and not done automatically by the 
> parent.
> 
> The domain owner can then make the choice for themselves whether to 
> support both IDNs and ASCII labels, and configure their web servers etc 
> appropriately.

	Again, so what?

	Mark
 
> kind regards,
> 
> Ray
> 
> -- 
> Ray Bellis, MA(Oxon) MIET
> Senior Researcher in Advanced Projects, Nominet
> e: ray at nominet.org.uk, t: +44 1865 332211
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

References:
- Re: [DNSOP] new draft about idn tld variants implementation
  - From: Ray . Bellis

Prev by Date: Re: [DNSOP] new draft about idn tld variants implementation
Next by Date: Re: [DNSOP] new draft about idn tld variants implementation
Previous by thread: Re: [DNSOP] new draft about idn tld variants implementation
Next by thread: Re: [DNSOP] new draft about idn tld variants implementation
Index(es):
- Date
- Thread