Re: [netmod] rfc6991bis: inet:host

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Tue, 28 July 2020 15:10 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/R0-h6iyXGiORYcwM7Hnk-5VbDhY>

On Mon, Jul 27, 2020 at 03:18:25PM +0200, Ladislav Lhotka wrote:
> 
> 
> On 27. 07. 20 12:44, Juergen Schoenwaelder wrote:
> > On Mon, Jul 27, 2020 at 10:51:31AM +0200, Ladislav Lhotka wrote:
> >> Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> writes:
> >>
> >>> So would the following do the right thing?
> >>
> >> The invert-match pattern also needs to be added in order to avoid reserved labels:
> > 
> > Why are they illegal? If we make them illegal, how are we going to
> > deal with hosts that have non-ASCII names?
> 
> I am not able to find in what sense the "Reserved LDH" labels of RFC
> 5890 are really reserved, and I am not sure about the implications of
> permitting "xn--..." hostnames to be explicitly configured.

Right now, inet:domain-name as defined in RFC 6991 says:

      [...]
      Domain-name values use the US-ASCII encoding.  Their canonical
      format uses lowercase US-ASCII characters.  Internationalized
      domain names MUST be A-labels as per RFC 5890.";

Hence, if you want to configure a non-ASCII hostname using inet:host,
you have to write it in a sequence of A-labels, i.e., using the ASCII
Compatible Encoding (ACE). Hence, removing xn-- names seems to have a
significant potential to break things.
 
> If we want to allow non-ASCII names, then it would IMO be safer to use a
> type that expects straight Unicode for lexical representation and leave
> it to the implementations to convert to Punycode where necessary, e.g.
> when querying DNS.

Perhaps. But I am not sure this is the time to fix this or how this
can be done in a backwards compatible way. At least this likely can't
be done by disallowing ACE. It may be possible to add an additional
member to the inet:host union that catches internationalized names.
Since this would be enlarging the value space, I believe this is
in line with the spirit of section 11 of RFC 7950. Removing the ACE
names, however, restricts the value space and hence seems to contradict
section 11 of RFC 7950. (The explicit removal of underscore and single
letter hostnames may be considered a clarification since we have other
RFCs stating these constraints.)

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>
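
The effect discussed in this message, as an added example that is not part of the original mail and is not the YANG pattern from the draft: a validator that only accepts US-ASCII LDH names and additionally excludes reserved LDH labels ("--" in the third and fourth positions, RFC 5890) leaves no accepted lexical form for an internationalized host name. The function names, the simplified LDH regex and the sample names are assumptions made for illustration; Python's built-in `idna` codec implements IDNA 2003, which yields the same A-labels for these samples.

```python
import re

# Simplified LDH label check (assumption, not the RFC 6991 pattern):
# letters, digits, hyphen; no leading/trailing hyphen; at most 63 octets.
LDH_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?", re.ASCII)

# Reserved LDH labels (RFC 5890): "--" in the third and fourth positions.
# A-labels ("xn--...") are a subset of these.
R_LDH = re.compile(r"[a-z0-9]{2}--", re.ASCII)


def to_a_labels(name):
    """Return the ASCII Compatible Encoding (ACE) of a domain name."""
    return name.encode("idna").decode("ascii").lower()


def is_ldh_name(name):
    """True if every dot-separated label is a lowercase US-ASCII LDH label."""
    return all(LDH_LABEL.fullmatch(label) for label in name.split("."))


def reserved_labels(name):
    """Labels that an 'exclude reserved LDH labels' rule would reject."""
    return [label for label in name.split(".") if R_LDH.match(label)]


def configurable_forms(name, allow_reserved):
    """Lexical forms of `name` that the validator would accept.

    Candidates are the name as typed and its ACE form; a form is accepted
    if it is plain LDH and, when allow_reserved is False, contains no
    reserved LDH label.
    """
    candidates = dict.fromkeys([name, to_a_labels(name)])  # de-duplicated
    accepted = []
    for form in candidates:
        if not is_ldh_name(form):
            continue  # non-ASCII input is never a valid domain-name value
        if not allow_reserved and reserved_labels(form):
            continue  # rejected by the reserved-label exclusion
        accepted.append(form)
    return accepted


if __name__ == "__main__":
    for sample in ("bücher.example", "www.example"):  # constructed samples
        print(sample, configurable_forms(sample, True),
              configurable_forms(sample, False))
```
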