[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] Re: Optional & Additional Character Equivalence Preparations by Zone

To: "Edmon" <edmon@neteka.com>, "Erik Nordmark" <Erik.Nordmark@eng.sun.com>
Subject: Re: [idn] Re: Optional & Additional Character Equivalence Preparations by Zone
From: "James Seng/Personal" <jseng@pobox.org.sg>
Date: Fri, 25 Jan 2002 09:48:09 +0800
Cc: Patrik Fältström <paf@cisco.com>, "Masahiro Sekiguchi" <seki@jp.fujitsu.com>, "IETF-IDN" <idn@ops.ietf.org>
References: <Roam.SIMC.2.0.6.1011868667.10127.nordmark@bebop.france> <005001c1a4f2$402fcd40$0601a8c0@neteka.com>

For the same reasons as the thread on CDN, (ie, not of core interest),
this thread is also out of scope so please bring it offline.  I already
give you my comments offline.

Thanks!

-James Seng

----- Original Message -----
From: "Edmon" <edmon@neteka.com>
To: "Erik Nordmark" <Erik.Nordmark@eng.sun.com>
Cc: "Patrik Fältström" <paf@cisco.com>; "Masahiro Sekiguchi"
<seki@jp.fujitsu.com>; "IETF-IDN" <idn@ops.ietf.org>
Sent: Friday, January 25, 2002 12:14 AM
Subject: Re: [idn] Re: Optional & Additional Character Equivalence
Preparations by Zone


> ----- Original Message -----
> From: "Erik Nordmark" <Erik.Nordmark@eng.sun.com>
> > If the DNS servers don't care about potential DoS attacks and having
> on-line
> > keys then signing on the fly could work. But that is a huge "if".
> > The DoS attack is that anybody can send DNS queries to have the DNS
server
> > spend all its CPU generating signatures on the fly.
> > Sure sounds like a bad design from a security and robustness
perspective.
> >
> Which is why I said it is not advisable.  But it is a possibility.
>
> > I don't understand what "opt-in" has to do with IDN. Could you
please
> explain?
>
> Multilingual names that have character equivalency issues will have to
> opt-out of DNSSEC.
>
> > Your third idea (SIG RRs for all permutations) has a natural
follow-on:
> > If you have enough memory/storage for the large SIG RRs for all
> permutations
> > then the additional memory/storage for the underlying RRs for all
> permutations
> > will be very small. So in practise this sounds like creating all
> permutations
> > in the zone file e.g. at registration time.
> > That (or just a subset of all permutations picked at registration
time)
> has the
> > benefit of not requiring any changes to the DNS server software.
>
> Erik, honestly, I dont have the exact "best" solution yet.  My point
is that
> there are "possibilities" and we should not rule the entire thing out
just
> because it might be a bit difficult.  I really want to stop talking
about
> this subject on this list, but it seems to me very irresponsible,
especially
> considering that I am an implementor of this technology that I would
have to
> tell my customers that:
> A.example  is NOT the same as A.example
> How can I do that?  Any normal person in this world would not accept
this,
> yet I am creating a system that force them to accept that.  I could
step
> back and say, "o well, buyers beware", but it just doesnt seem right.
Do
> you think it is right?
>
> Edmon
>
>

References:
- Re: [idn] Re: Optional & Additional Character Equivalence Preparations by Zone
  - From: Erik Nordmark <Erik.Nordmark@eng.sun.com>
- Re: [idn] Re: Optional & Additional Character Equivalence Preparations by Zone
  - From: "Edmon" <edmon@neteka.com>

Prev by Date: Re: [idn] Re: Optional & Additional Character Equivalence Preparations by Zone
Next by Date: Re: [idn] Re: Optional & Additional Character Equivalence Preparations by Zone
Previous by thread: Re: [idn] Re: Optional & Additional Character Equivalence Preparations by Zone
Next by thread: Re: [idn] Re: Optional & Additional Character Equivalence Preparations by Zone
Index(es):
- Date
- Thread