
Re: [idn] Canonicalization: [28] through [31]



At 11:46 26/06/00 , Maurizio Codogno wrote:

> > From: RJ Atkinson <rja@inet.org>
>
> > To achieve interoperability, canonicalisation MUST be done at
> > a single well-defined place in the DNS resolution process.  One 
> > could imagine either doing it in the client resolver or in 
> > the server.  
>
>I had the impression that canonicalization (c14n? :-) ) was an
>idempotent operation, that is, if you recursively apply canonicalization
>to a name you'll keep obtaining the same result. 

True but irrelevant.

>At that point, I think that it could be safe to add canonicalization 
>both at resolver and at server, so that even if one of those fails 
>we get the correct result anyway.

This doesn't work in practice.  Example:  Client assumes server
performs canonicalisation,  but its server assumes the client
performs canonicalisation --> result is either a failure or
an erroneous returned value to the original application's
desired DNS lookup.

To be interoperable, we have to clearly specify where
canonicalisation MUST be implemented and MUST occur. Then
ALL implementations of that component will behave identically.

For reasons related to scaling, there are advantages to forcing
the DNS resolver client to perform canonicalisation PRIOR to
putting each DNS request onto the wire.  

In short, we ought to say that:
1) An on-the-wire DNS request is always in canonical form already,
hence DNS resolver clients MUST implement and MUST perform full
canonicalisation.

AND

2) An on-the-wire DNS reply will always be in canonical form,
hence DNS servers are forbidden from mangling the received request
and forbidden from sending the response information in any local
non-canonical format that might (hypothetically) exist.

Ran
rja@inet.org
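
The four client/server combinations discussed in this message, as an added example that is not part of the original post. `canonicalize` (NFKC plus case folding) is an assumed stand-in for whatever canonical form is eventually specified, and the zone record, names and function names are constructed for illustration.

```python
import unicodedata

def canonicalize(name: str) -> str:
    # Assumed stand-in canonical form: NFKC, case fold, NFKC again.
    folded = unicodedata.normalize("NFKC", name).casefold()
    return unicodedata.normalize("NFKC", folded)

# Constructed zone: the server stores exactly one (canonical) owner name.
ZONE = {canonicalize("B\u00fccher.example"): "192.0.2.10"}

# Constructed spellings a user or application might hand to the resolver.
SPELLINGS = [
    "B\u00fccher.example",    # precomposed, mixed case
    "B\u00dcCHER.EXAMPLE",    # upper case
    "Bu\u0308cher.example",   # decomposed: u + combining diaeresis
]

def resolve(query: str, client_c14n: bool, server_c14n: bool):
    """Return (name on the wire, answer) for one deployment combination."""
    wire = canonicalize(query) if client_c14n else query
    key = canonicalize(wire) if server_c14n else wire
    return wire, ZONE.get(key)

def deployment_matrix(query: str) -> dict:
    """Answer for every (client canonicalises, server canonicalises) pair."""
    return {
        (c, s): resolve(query, c, s)[1]
        for c in (True, False)
        for s in (True, False)
    }

def wire_forms(queries, client_c14n: bool) -> set:
    """Distinct names that would appear on the wire for these queries."""
    return {resolve(q, client_c14n, server_c14n=False)[0] for q in queries}

if __name__ == "__main__":
    for combo, answer in deployment_matrix(SPELLINGS[1]).items():
        print("client=%s server=%s ->" % combo, answer)
    print("wire forms, client canonicalises:", wire_forms(SPELLINGS, True))
    print("wire forms, client does not:", wire_forms(SPELLINGS, False))
```

Idempotence makes the (True, True) case harmless, but it does nothing for the (False, False) case, where each side assumed the other would do the work and the lookup fails.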