Re: [dnssd] A concrete example of the Punycode fallback variants for the <Domain> portion
Douglas Otis <doug.mtview@gmail.com> Mon, 16 December 2013 20:00 UTC
Return-Path: <doug.mtview@gmail.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E44A11ADEB7 for <dnssd@ietfa.amsl.com>; Mon, 16 Dec 2013 12:00:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hVqQgJh8idW5 for <dnssd@ietfa.amsl.com>; Mon, 16 Dec 2013 12:00:54 -0800 (PST)
Received: from mail-ie0-x236.google.com (mail-ie0-x236.google.com [IPv6:2607:f8b0:4001:c03::236]) by ietfa.amsl.com (Postfix) with ESMTP id C59781AD739 for <dnssd@ietf.org>; Mon, 16 Dec 2013 12:00:53 -0800 (PST)
Received: by mail-ie0-f182.google.com with SMTP id as1so7193576iec.13 for <dnssd@ietf.org>; Mon, 16 Dec 2013 12:00:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=oPlG0HmnWGLQfhX68V5jkRGZjhN671AFxtwVPSt+EpE=; b=Rs6EJI8xkXSwh2gRWziZXtIrhjaB0Nn7EM4bNRbC3ecQUHsRdYfA0/xWwiVEGp1tFv jl2Js/gaQDv89BuRBTQ2xfx1lwxyF+6rQyS/lapWzApGcJKRtJxbwb4HUdBAaYV7FQnt fzBEMrzbfejnNsUl34pAbBcnLfQ7aTp2Ik7pFlUT2TcWTjqc9UQnwqWdzd0hKx5l7QoS haXz0L08DtA3J1lw/PW8eX9JaIA2Ifvik4hMQBfjyR28/IQWktU1saaSyDD/RuPJGxap TJLcxzTlYOG0pjSLuVRl+CiAzICPbAHclviOdnvcJ5hVOcR3P+DW2zfCdvXHsPQX37l2 txRg==
X-Received: by 10.50.61.232 with SMTP id t8mr16461467igr.32.1387224052876; Mon, 16 Dec 2013 12:00:52 -0800 (PST)
Received: from [192.168.0.54] (107-0-5-6-ip-static.hfc.comcastbusiness.net. [107.0.5.6]) by mx.google.com with ESMTPSA id j3sm11654873igj.9.2013.12.16.12.00.51 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 16 Dec 2013 12:00:52 -0800 (PST)
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1822\))
From: Douglas Otis <doug.mtview@gmail.com>
In-Reply-To: <20131216174533.GD1828@mx1.yitter.info>
Date: Mon, 16 Dec 2013 12:00:45 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <F5F1642F-0E46-4AE8-A4A1-185FEA87424E@gmail.com>
References: <2966D8D9-16B5-4A95-97DC-606BB4338043@gmail.com> <20131215155347.GA65994@mx1.yitter.info> <81AD729F-6FA1-4290-8EEF-6F6333AA6638@isi.edu> <2831E050-956E-4A8F-832B-EA75A5165BCF@gmail.com> <20131216174533.GD1828@mx1.yitter.info>
To: Andrew Sullivan <ajs@anvilwalrusden.com>
X-Mailer: Apple Mail (2.1822)
Cc: dnssd@ietf.org
Subject: Re: [dnssd] A concrete example of the Punycode fallback variants for the <Domain> portion
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion of extensions to Bonjour \(mDNS and DNS-SD\) for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Dec 2013 20:00:58 -0000
On Dec 16, 2013, at 9:45 AM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote: > Hi, > > I'm not sure I entirely understand your message. But. . . > > On Mon, Dec 16, 2013 at 09:07:31AM -0800, Douglas Otis wrote: >> >> 1) Hostnames should be subjected to the same canonicalization to >> establish valid UTF-8 strings prior to conversion. Bonjour already >> supports a means to override naming conflicts often seen as a >> prefixed number value (n). Once proper canonicalization is applied, >> users may be required to adjust the hostname if unhappy with the >> results. > > When you say "the same canonicalization", what do you mean? The DNS > owner names that result from RFC 6763 are in Net-Unicode (RFC 5198); > this entails NFC, but not much more. The U-label portions of any > owner name arising from IDNA2008 have more restrictions -- most > punctuation is disallowed, upper case characters are not permitted > because they're not stable under case folding and NFKC, spaces are > disallowed, and so on. This difference is why I suggested a common > interoperable profile (see draft-sullivan-dnssd-label-miprofile-00. > Stuart had some quibbles about the recommendations in there, but in > any case the recommendations are outside our charter. I'm supposed to > pull out the problem statement part, which I guess I could be doing > rather than writing this mail). Dear Andrew, I hope to create a write-up better describing this situation. Bonjour should not be considered equivalent to DNS, although DNS plays a role. Once resolving services beyond link local are in scope, a type of canonicalization which includes RFC5198 normalization is required in checks for hostname conflicts. Bonjour hostnames are not constrained to what is legal for registered domains, but this freedom is for a single left-most label when resolving the hostname. Labels that do not represent hostnames should fall within the constraints imposed by DNS. >> 2) There are two processes normally involved. One is discovering >> services after selecting from a list of domains, and resolving >> services after selecting from a list of hostnames. In each case, >> both of these presentations can be done using UTF-8 (provided proper >> canonicalization is applied. Whether the label gets converted to an >> A-Label will depend on the selection of the domain. > > If I understand the above, you're suggesting that the user will know > how to cope with the issue. Frankly, I think that is just naïve. > Users do not have a theory of operation of IDNA vs. plain UTF-8 labels > in the DNS, and subtle inconsistencies between them are going to be at > least mystifying and at worst opportunities for bad behaviour. Users should only see UTF-8 strings, not A-Labels. A resolution process must apply rules needed to satisfy Bonjour and DNS separately as a two or three step process, Domain/Service/Hostname or Service/Hostname. Of course DNS will require registered domains expressed as A-labels, but hidden from users. Don't expect users to recognize A-label domains. Combining domain selection with hostname selection will not scale well when scope goes beyond link local. Use of search domains must be handled carefully and may even require confirmation by users. Regards, Douglas Otis
- [dnssd] A concrete example of the Punycode fallba… Ilya Kulakov
- Re: [dnssd] A concrete example of the Punycode fa… Andrew Sullivan
- Re: [dnssd] A concrete example of the Punycode fa… manning bill
- Re: [dnssd] A concrete example of the Punycode fa… Andrew Sullivan
- Re: [dnssd] A concrete example of the Punycode fa… Douglas Otis
- Re: [dnssd] A concrete example of the Punycode fa… Andrew Sullivan
- Re: [dnssd] A concrete example of the Punycode fa… Douglas Otis
- Re: [dnssd] A concrete example of the Punycode fa… Andrew Sullivan
- Re: [dnssd] A concrete example of the Punycode fa… Stuart Cheshire