
Re: [idn] length restrictions on IDN label



Mark.Andrews@isc.org wrote:

>	Well if you use raw utf-8 today in the DNS you are limited to
>	63 octets per label.  255 octets for a domain name.  As long as
>	you continue to use the same label encoding you are limited to
>	63 octets.  YMMV at levels other than the DNS.
>
Sure.
If the limit may vary at levels (applications) other than the DNS, the
utf8 labels may exceed 63 octets in application protocol formats (not
for display), and the implementors should reserve enough buffer space
for ToUnicoded(ACE) utf8 labels. This really matters because many
programmers favor utf8 as the internal representation format of unicode
strings for its ascii compatibility.

Most application programmers have been reserving 256 bytes for any LDH
FQDN buffer space. But that convention should be changed to cover the
cases of long utf8 IDN FQDNs, which may be 3 or 4 times longer than 256
octets. So, 1024 or 768 bytes are good. But those utf8 FQDNs cannot be
put into a single UDP packet of a DNS response/query. This will
constrain future DNS protocol update efforts around utf8 support in the
wire format. Today's long IDNs may be one of the obstacles in the way
of that effort.

If this warning is neglected by application programmers, some remote
malicious crackers will send to users' applications long ACE IDNs
manufactured to cause buffer overflow errors when ToUnicoded, and seize
control of the machine.


Soobok Lee
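
The buffer-sizing concern in the message above, as an added example that is not part of the original post: a bounds-checked decoder that turns one ACE label into UTF-8 and refuses, rather than overflows, when the caller's buffer is too small. It assumes the ACE is Punycode (RFC 3492), that the caller has already stripped the "xn--" prefix, and it covers only the decoding step of ToUnicode; the name `ace_to_utf8` is hypothetical.

```c
#include <stdint.h>
#include <string.h>

static uint32_t adapt(uint32_t delta, uint32_t npoints, int first) { /* RFC 3492 6.1 */
    uint32_t k = 0;
    delta = first ? delta / 700 : delta / 2;
    delta += delta / npoints;
    for (; delta > 455; k += 36) delta /= 35;
    return k + 36 * delta / (delta + 38);
}

/* Decode the Punycode part of an ACE label to UTF-8. Returns the UTF-8 length, or -1
 * if the input is malformed or the result plus NUL exceeds cap. Never writes past out[cap-1]. */
long ace_to_utf8(const char *ace, char *out, size_t cap) {
    unsigned char *u = (unsigned char *)out;
    uint32_t cp[63], n = 128, i = 0, bias = 72, cnt = 0;
    size_t len = strlen(ace), in, b = 0, j, o = 0;
    if (cap == 0 || len > 59) return -1;       /* 63-octet label minus "xn--" */
    for (j = 0; j < len; j++) if (ace[j] == '-') b = j;   /* last delimiter */
    for (j = 0; j < b; j++) if ((cp[cnt++] = (unsigned char)ace[j]) >= 0x80) return -1;
    for (in = b ? b + 1 : 0; in < len; cnt++) {
        uint32_t oldi = i, w = 1, k, t, d;
        for (k = 36;; k += 36) {               /* one variable-length integer */
            if (in >= len) return -1;          /* truncated input */
            char c = ace[in++];
            d = c >= 'a' && c <= 'z' ? (uint32_t)(c - 'a') : c >= 'A' && c <= 'Z' ? (uint32_t)(c - 'A')
              : c >= '0' && c <= '9' ? (uint32_t)(c - '0' + 26) : 36;
            if (d >= 36 || d > (UINT32_MAX - i) / w) return -1;
            i += d * w;
            t = k <= bias ? 1 : k >= bias + 26 ? 26 : k - bias;
            if (d < t) break;
            if (w > UINT32_MAX / (36 - t)) return -1;
            w *= 36 - t;
        }
        bias = adapt(i - oldi, cnt + 1, oldi == 0);
        if (i / (cnt + 1) > 0x10FFFF - n) return -1;      /* beyond Unicode range */
        n += i / (cnt + 1);
        i %= cnt + 1;
        if (n >= 0xD800 && n <= 0xDFFF) return -1;        /* surrogate */
        memmove(cp + i + 1, cp + i, (cnt - i) * sizeof *cp);
        cp[i++] = n;
    }
    for (j = 0; j < cnt; j++) {                /* bounded UTF-8 encode */
        size_t need = cp[j] < 0x80 ? 1 : cp[j] < 0x800 ? 2 : cp[j] < 0x10000 ? 3 : 4, s = need - 1;
        if (need > cap - 1 - o) return -1;     /* check before every write */
        u[o++] = (unsigned char)(need == 1 ? cp[j] : (0xF00u >> need) | (cp[j] >> 6 * s));
        while (s-- > 0) u[o++] = (unsigned char)(0x80 | ((cp[j] >> 6 * s) & 0x3F));
    }
    u[o] = 0;
    return (long)o;
}
```

On a -1 return the buffer contents are unspecified and not NUL-terminated, so callers should discard them.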