[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [idn] New protocol proposal: IDNRA
Let me add a few words on this: I see the IDN problems classified in
certain group.
Group A: The encoding use at various level.
Group B: Canonicalization/Normalization and language problems
Group C: Deployment and integration
Group D: Transitison from ASCII DN to IDN
Each group is somewhat independent of each another.
As I see it, IDNRA is a Group C I-D. It describe one possible deployment
and integration. It may not be ideal but it may be one of the possible
integration strategy we take.
For example, we may have a transition I-D which describe we use
Deployment 1 in short term, then move to IDNRA for mid term, then to
EDNS0 for long term.
-James Seng
John C Klensin wrote:
>
> --On Sunday, 27 August, 2000 21:14 -0700 Bill Manning
> <bmanning@ISI.EDU> wrote:
>
> > We have some metrics on diffusion rates of new code
> > in the DNS. If significant vulnerabilities exist,
> > they are generally mitigated in about 18 months, at least
> > based on current data.
>
> Once again, the issue is really not the DNS, but the
> applications. And that is true independent of the solution
> chosen unless the entire path from UI to APIs to resolver is
> completely insensitive to the presence of names outside the
> traditional format and set of characters. This is not an
> argument against moving forward as quickly as possible; it is an
> argument against selecting any solution that depends on a "short
> period of pain, then everything will be ok" model.
>
> That said, would you care to define "significantly mitigated" in
> statistical or loss function terms. We _know_ that new versions
> of popular servers and resolvers don't deploy that quickly: as
> has been pointed out, we've still got versions of
> vendor-provided BIND 4 in moderately wide use. How would you
> characterize, based on the data you have available, the
> percentage penetration of the new/ fixed code? The percentage
> weighted by resolution activity rate? Penetration at the upper
> levels of the tree (e.g., 2nd - 4th level domains) versus lower
> down? Penetration inside and outside enterprise networks? And
> so on?
>
> john