
Re: [idn] length restrictions on IDN label



James Seng wrote:

Your argument stands only in DNS on-the-wire context. In all other
protocol/display contexts, utf8 labels are legitimate domain labels.
That is why zone admins may input their labels in utf8 into their zone
files and end users recognize them as domain names.

utf8 labels have no meaning as domain name labels, as currently defined in
RFC 1034/1035, whether on wire or otherwise. anything above 127 is a
no-man-zone-use-it-at-your-own-risk.

Then, you should not convert ACE-form IDN into UTF8 and render it for users.
Doesn't this look absurd? Your claims seem against IDNA drafts.
My current argument is based on IDNA draft section 6.


If you mean IDN labels encoded in UTF-8, then the restriction is fairly
simple, one already explained to you multiple times, octet(ToASCII(X))<=63.


Moreover, I didn't limit my question to DNS and its protocols (just
'protocol', DNS is not the 'all'). Rather, that may span into all
application protocols that use domain names, like future ESMTP.

Then it is worse than you think. This working group is definitely not going
to be able to address all the concerns of all application protocols that
use domain names, much less a future work in ESMTP. That work should be
addressed in other specific application protocols and DEFINITELY not in this
working group.

I still hope to conclude this working group within the next few months and
get on with my life, dealing with other IDN related issues.


There will be many application protocols (IETF's or home-made) that
may exchange utf8-form labels as protocols elements (not for human eyes)
according to IDNA section 6.1-3. IDNA draft granted such use of utf8
labels as legitimate one.

Then shouldn't that application protocol be updated?

Home-made or legacy protocols outnumber IETF protocols.
Moreover, when even IETFers begin to update some protocols to use
utf8 labels under the IETF umbrella, they will be stuck at this stone: utf8 label length.
They will find a utf8 label may have 168 octets, contrary to RFC1035.
When the IDNA draft granted utf8 label use in application protocols, it is natural that
it should have also specified utf8 label length restrictions.



Length restriction should be clarified before IDN deployments.
Currently valid IDN label should not be invalidated in the future due to
today's misspecifications.

Yes, it should be clarified if there is any confusion.

But there is no confusion as far as I know. The length restriction is quite
clear, octet(ToASCII(X))<=63. Or are you still confused?


To avoid buffer overflow errors and security breaches, label length
issues are practically important to implementors who want to estimate
enough buffer spaces for IDN labels.

Since when is an implementation issue part of the working group charter?

Please stop....Some might be scared by your FUD.

-James Seng

As one security programmer, I think the above issue is very important.
James, you begin to be nervous, typical of you. Be comfortable and easy.
The audiences are knowledgeable, experienced and prudent enough.

Soobok Lee
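
The rule quoted in this thread, octet(ToASCII(X))<=63, set against the UTF-8 length of the same label, as an added example that is not part of the original message. It assumes Python's standard-library IDNA 2003 `ToASCII` as a stand-in for the draft's operation; the labels and the helper names `check_label` and `copy_utf8_label` are constructed for illustration.

```python
import encodings.idna

MAX_ACE_OCTETS = 63  # RFC 1035 label limit, applied to the ToASCII output


def check_label(label: str) -> dict:
    """Apply octet(ToASCII(X)) <= 63 and report both encoded lengths."""
    utf8_octets = len(label.encode("utf-8"))
    try:
        # The stdlib ToASCII raises UnicodeError when nameprep rejects the
        # label or when the result is empty or longer than 63 octets.
        ace = encodings.idna.ToASCII(label)
    except UnicodeError:
        return {"valid": False, "utf8_octets": utf8_octets, "ace_octets": None}
    return {"valid": len(ace) <= MAX_ACE_OCTETS,
            "utf8_octets": utf8_octets, "ace_octets": len(ace)}


def copy_utf8_label(label: str, buf_size: int) -> bytes:
    """Bounds-checked copy of the UTF-8 form into a fixed-size buffer."""
    data = label.encode("utf-8")
    if len(data) > buf_size:
        raise ValueError(
            f"UTF-8 label is {len(data)} octets, buffer holds {buf_size}")
    return data


# Constructed labels: one Hangul syllable (U+D55C, 3 octets in UTF-8) repeated.
FITS = "\ud55c" * 56      # ACE form is exactly 63 octets
TOO_LONG = "\ud55c" * 57  # ACE form would be 64 octets

if __name__ == "__main__":
    for name, label in (("FITS", FITS), ("TOO_LONG", TOO_LONG)):
        print(name, check_label(label))
    try:
        # A buffer sized from the 63-octet rule is too small for the UTF-8 form.
        copy_utf8_label(FITS, MAX_ACE_OCTETS)
    except ValueError as exc:
        print("rejected:", exc)
```

A label that passes the 63-octet ACE check can still be 168 octets in UTF-8, so a buffer holding the UTF-8 form has to be bounded by its own length check rather than by the ACE limit.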