
[idn] Re: My thoughts so far



At 18:14 11.02.00 +0800, James Seng wrote:
>Harald Tveit Alvestrand wrote:
> > I'm not sure - I would think that it was reasonable that if someone asked
> > for a PTR record for 4.3.2.1.in-addr.arpa, the bytes entered into the
> > database by the administrator of the 3.2.1.in-addr.arpa zone would be
> > returned.
>
>Actually, this has more consequences than it appears.
>
>For example,
>
>Some.Multilingual.Domain        -> IP
>IP                              -> some.multilingual.domain
>
>If it is English, it seems pretty simple since we just do a case-
>insensitive comparison. But what about multilingual case comparison?

Actually, this so-called "security" check is pretty useless in most real 
cases; you have to do at least 4 lookups before you can reasonably expect 
to have an opinion about whether something is well mapped back or not.
Check:

www.alvestrand.no -> CNAME dokka.alvestrand.no
dokka.alvestrand.no -> 195.139.236.69
195.139.236.69 -> dokka.maxware.no
dokka.maxware.no -> 195.139.236.69

It gets progressively worse for routers and other boxes that have many IP 
addresses for legitimate reasons, especially if some of their interfaces 
have Net-10 addresses, or the admins sincerely don't believe in 
reverse-mapping.

So the problem of non-match here might not be terribly interesting, or else 
an area where the admin has to take care anyway.

               Harald

--
Harald Tveit Alvestrand, EDB Maxware, Norway
Harald.Alvestrand@edb.maxware.no
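
The four-lookup chain from the message above, as an added example that is not part of the original post: it replays the listed records from an in-memory table and compares a naive "PTR name equals queried name" test with a forward-confirmed check. The function names and the `router.example.test` entry are constructed for illustration, and names are compared with ASCII case folding only.

```python
# Records listed in the message, plus one constructed entry, held in memory
# so the example runs offline.
RECORDS = {
    "www.alvestrand.no": ("CNAME", "dokka.alvestrand.no"),
    "dokka.alvestrand.no": ("A", "195.139.236.69"),
    "69.236.139.195.in-addr.arpa": ("PTR", "dokka.maxware.no"),
    "dokka.maxware.no": ("A", "195.139.236.69"),
    "router.example.test": ("A", "10.1.2.3"),  # constructed: Net-10 address, no PTR
}

def norm(name):
    # ASCII case folding only; comparing non-ASCII labels is the open question.
    return name.rstrip(".").lower()

def query(name, trace):
    trace.append(norm(name))  # every call counts as one lookup
    return RECORDS.get(norm(name))

def addresses(name, trace, max_chain=8):
    """Resolve a name to its addresses, following CNAMEs up to max_chain hops."""
    for _ in range(max_chain):
        rec = query(name, trace)
        if rec is None or rec[0] not in ("A", "CNAME"):
            return set()
        if rec[0] == "A":
            return {rec[1]}
        name = rec[1]
    return set()

def reverse_name(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def check(name):
    trace = []
    result = {"naive_match": False, "forward_confirmed": False}
    for ip in addresses(name, trace):
        rec = query(reverse_name(ip), trace)
        if rec is None or rec[0] != "PTR":
            continue
        # Naive test: the PTR target must equal the name that was asked for.
        result["naive_match"] |= norm(rec[1]) == norm(name)
        # Forward-confirmed test: the PTR target must resolve back to the IP.
        result["forward_confirmed"] |= ip in addresses(rec[1], trace)
    result["lookups"] = len(trace)
    return result

if __name__ == "__main__":
    for n in ("www.alvestrand.no", "dokka.maxware.no", "router.example.test"):
        print(n, check(n))
```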