[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] Re: about NSI ML-testbed and i-DNS proxy's vulnerability

non-member bounce?

james

> From: Tan Tin Wee <tinwee@bic.nus.edu.sg>
> To: James Seng <James@Seng.cc>
> CC: Soobok Lee <lsb@postel.co.kr>, idn@ops.ietf.org, wissorh@ar.com
> Subject: Re: [idn] Re: about NSI ML-testbed and i-DNS proxy's vulnerability
>
> I might be able to comment on proxy solutions.
>
> In 1998, APNG project at the National University of Singapore
> produced a prototypic proxy DNS solution which implemented
> Martin Duerst's UTF-5 as a proof of concept, probably the first
> few steps toward the demonstration of the
> feasibility of multilingual domain names.
>
> Before that, as I understand from Martin, every one was telling him it
> was not possible, and that he deliberately wrote the UTF5 draft
> to show it is possible. (Martin, would you like to comment?)
>
> In the testbed we ran with specific institutions in the Asia Pacific,
> some colleagues had access to prototype proxy software to test on their
> locations. Some of them have emerged with their own test versions of
> a proxy type solution.
>
> In 1999, we received a grant from the IDRC's Pan
> Asia Networking Research grant to work on a prototype for IPv6
> which is also a proxy type solution. Work on that has been wrapped up
> and superseded by recent developments and events in IETF and MINC.
>
> Since then various groups eg. JPNIC, KRNIC, CNNIC, TWNIC
> and companies such as i-DNS.net, Neteka, Worldnames/.NU,
> and many others have emerged with
>
> 1. client solutions
> 2. server solutions
> 3. client-server solutions and
> 4. proxy solutions.
>
> As far as proxy solutions are concerned,
> one example among others is the test kit by JPNIC mDNS which
> has elements of a proxy solution. You might be referring to this.
>
> Most companies appear to have moved towards client-
> or server- solutions or combinations.
> These include some members of MINC consortium.
>
> Some Useful References for your background information:
>
> IDRC: http://www.panasia.org.ca
>       http://www.idrc.org.sg/
>       http://www.idrc.ca/
> APNG: http://www.apng.org/commission/idns
> MINC: http://www.minc.org/
>
> Neteka: http://www.neteka.com/
> Worldnames: http://www.worldnames.net/
> i-DNS.net Int'l Inc: http://www.i-dns.net/
>
> JPNIC: http://www.nic.ad.jp/
> Information on JPNIC's mDNkit
> http://www.nic.ad.jp/en/topics/archive/20001024-01.html
> http://www.nic.ad.jp/en/research/idn/
> http://www.nic.ad.jp/jp/research/idn/mdnkit/html/ja/faq/index.html
>
> bestrgds
> --
> Tan Tin Wee
> Acting CEO
> MINC Secretariat
>
>
> James Seng wrote:
> >
> > Cant comment on NSI.
> >
> > However, I am kind of interested to know what 'i-DNS Proxy' you talking
about
> > because there i-DNS.net has no "DNS-PROXY" solution. Neither has any of
our
> > product is dependent on Netscape or IE or any platform in particular.
> >
> > Secondly, ML.com is a special testbed and i-DNS.net has not even release
any
> > software which is meant for ML.com yet. We are going to release certain
> > software designed to work with ML.com when the testbed starts.
> >
> > So I don't know where you get these informations below and how you arrived
to
> > the conclusion. Please clarify.
> >
> > -James "speaking as i-DNS.net I suppose" Seng
> >
> > >   NSI's early Resolution phase appears to need a transistion solution ,
> > i-dnx proxy.
> > >   But, i-DNS's DNS-PROXY  fails to resolve
> > >      native-code ML-queries from Netscape 4.X on WIN9X plaforms
> > >      without CCS conflicts. NN on WIN9X does not speak UTF8 on HTTP and
DNS
> > queries.
> > >       It may mislead web surfers to wrong sites and may cause security
> > problems.
> > >       It may isolate Netscape users from others, contrary to IAB's
> > recommendation RFC 2825.
> > >    I-DNS proxy is dangerous to be deployed as a transition solution.
> > >
> > >   Would you comment on this?
>