Re: utf-8 - punycode for ServerName|Alias?
On 8/1/2012 5:01 PM, Reindl Harald wrote: there is simply no need for UTF8 in servrnames the nslookup you see is only a user-view there are only ASCII chars in dns and http-config without any special char and that is why IDN exists ServerAlias xn--wrmlach-n2a.at www.xn--wrmlach-n2a.at you will find no other expression than xn--wrmlach-n2a.at for würmlach.at in dns, httpd and other services while nslookup and any browser are happy with the special chars Ok, now I'm entirely following you, thanks :) Based on your feedback, I have a couple of observations; 1. The ServerAlias above will continue to work, never intended otherwise. Some of us like to work closer to the wire than others. 2. IDN -does- exist, and list/forum traffic suggests there are users who want IDN to be recognized in a native representation. I propose we support only utf-8 in .conf files for that native representation and will prepare a patch that offers that support -for those who desire it-. 3. Some users, like yourself, will want to always see IDN mapped values in the access/error log. Others will want to always see utf-8, and I'll prepare a patch that allows either behavior. I don't plan to spend a lot of time on simultaneous use of both behaviors, but if it turns out to be trivial, there may be a finer grained support. 4. As you say, browser and nslookup users already benefit from this silent translation. httpd users are users, of varying skill and comprehension. There's no need to be exclusionary, IMHO.
Re: utf-8 - punycode for ServerName|Alias?
On 4/7/2012 2:00 AM, Reindl Harald wrote: Am 07.04.2012 08:33, schrieb William A. Rowe Jr.: So we have live registrars, no longer experimental, who are now registering domains in punycode. Make of it what you will. Do we want to recognize non-ASCII strings in the ServerName|Alias directives as utf-8 - punycode encodings? Internally, from the time the servername field is assigned, it can be an ascii mapping. All thoughts appreciated, particularly references to fresh specs, implementation guidance and compatible clients. serverconfigs - punnycode dns in background - punnycode self written backends - input UTF8, transparent translation while generating serverconfigs and translate back for display nothing other happens if you make nslookup würmlach.at there is no ü in any configuration nor in EPP/DRI nor in any postfix/dbmail/dovecot configuration [harry@srv-rhsoft:~]$ nslookup würmlach.at ns1.thelounge.net Server: ns1.thelounge.net Address:85.124.176.242#53 Name: würmlach.at Address: 91.118.73.6 Reindl, I'm having a hard time parsing what you are trying to communicate. AIUI, your example above, you've either 1. added RFC-incompliant high bit names to your own DNS, or 2. running a punycode-aware flavor of nslookup. Could you clarify? I am truly interested in your feedback as one active user of i18n domains, and the entire goal of any punycode awareness within httpd is to make your lives easier.
Re: utf-8 - punycode for ServerName|Alias?
Am 01.08.2012 18:25, schrieb William A. Rowe Jr.: On 4/7/2012 2:00 AM, Reindl Harald wrote: Am 07.04.2012 08:33, schrieb William A. Rowe Jr.: So we have live registrars, no longer experimental, who are now registering domains in punycode. Make of it what you will. Do we want to recognize non-ASCII strings in the ServerName|Alias directives as utf-8 - punycode encodings? Internally, from the time the servername field is assigned, it can be an ascii mapping. All thoughts appreciated, particularly references to fresh specs, implementation guidance and compatible clients. serverconfigs - punnycode dns in background - punnycode self written backends - input UTF8, transparent translation while generating serverconfigs and translate back for display nothing other happens if you make nslookup würmlach.at there is no ü in any configuration nor in EPP/DRI nor in any postfix/dbmail/dovecot configuration [harry@srv-rhsoft:~]$ nslookup würmlach.at ns1.thelounge.net Server: ns1.thelounge.net Address:85.124.176.242#53 Name: würmlach.at Address: 91.118.73.6 Reindl, I'm having a hard time parsing what you are trying to communicate. AIUI, your example above, you've either 1. added RFC-incompliant high bit names to your own DNS, or 2. running a punycode-aware flavor of nslookup. Could you clarify? I am truly interested in your feedback as one active user of i18n domains, and the entire goal of any punycode awareness within httpd is to make your lives easier there is simply no need for UTF8 in servrnames the nslookup you see is only a user-view there are only ASCII chars in dns and http-config without any special char and that is why IDN exists ServerAlias xn--wrmlach-n2a.at www.xn--wrmlach-n2a.at you will find no other expression than xn--wrmlach-n2a.at for würmlach.at in dns, httpd and other services while nslookup and any browser are happy with the special chars signature.asc Description: OpenPGP digital signature
Re: Re: utf-8 - punycode for ServerName|Alias?
Bonjour, Je suis absente du 27 juillet au 19 août 2012 inclus. En cas d'urgence uniquement, contacter le standard au 0442 840 754 afin que votre message soit transmis au Directeur du Pôle Travail Adapté. Merci de votre compréhension. Marie-Hélène REYNAUD Assistante Commerciale LA CHRYSALIDE POLE TRAVAIL ADAPTE ZI St Mître 50 av Braye de Cau 13400 AUBAGNE Tél : 04 42 84 89 07 Fax : 04 42 84 89 08 mh.reyn...@chrysam.net
Re: Re: Re: utf-8 - punycode for ServerName|Alias?
Bonjour, Je suis absente du 27 juillet au 19 août 2012 inclus. En cas d'urgence uniquement, contacter le standard au 0442 840 754 afin que votre message soit transmis au Directeur du Pôle Travail Adapté. Merci de votre compréhension. Marie-Hélène REYNAUD Assistante Commerciale LA CHRYSALIDE POLE TRAVAIL ADAPTE ZI St Mître 50 av Braye de Cau 13400 AUBAGNE Tél : 04 42 84 89 07 Fax : 04 42 84 89 08 mh.reyn...@chrysam.net
Re: Re: Re: Re: utf-8 - punycode for ServerName|Alias?
Bonjour, Je suis absente du 27 juillet au 19 août 2012 inclus. En cas d'urgence uniquement, contacter le standard au 0442 840 754 afin que votre message soit transmis au Directeur du Pôle Travail Adapté. Merci de votre compréhension. Marie-Hélène REYNAUD Assistante Commerciale LA CHRYSALIDE POLE TRAVAIL ADAPTE ZI St Mître 50 av Braye de Cau 13400 AUBAGNE Tél : 04 42 84 89 07 Fax : 04 42 84 89 08 mh.reyn...@chrysam.net
Re: Re: Re: Re: Re: utf-8 - punycode for ServerName|Alias?
Bonjour, Je suis absente du 27 juillet au 19 août 2012 inclus. En cas d'urgence uniquement, contacter le standard au 0442 840 754 afin que votre message soit transmis au Directeur du Pôle Travail Adapté. Merci de votre compréhension. Marie-Hélène REYNAUD Assistante Commerciale LA CHRYSALIDE POLE TRAVAIL ADAPTE ZI St Mître 50 av Braye de Cau 13400 AUBAGNE Tél : 04 42 84 89 07 Fax : 04 42 84 89 08 mh.reyn...@chrysam.net
Re: Re: Re: Re: Re: Re: utf-8 - punycode for ServerName|Alias?
Bonjour, Je suis absente du 27 juillet au 19 août 2012 inclus. En cas d'urgence uniquement, contacter le standard au 0442 840 754 afin que votre message soit transmis au Directeur du Pôle Travail Adapté. Merci de votre compréhension. Marie-Hélène REYNAUD Assistante Commerciale LA CHRYSALIDE POLE TRAVAIL ADAPTE ZI St Mître 50 av Braye de Cau 13400 AUBAGNE Tél : 04 42 84 89 07 Fax : 04 42 84 89 08 mh.reyn...@chrysam.net
Re: Re: Re: Re: Re: Re: Re: utf-8 - punycode for ServerName|Alias?
Bonjour, Je suis absente du 27 juillet au 19 août 2012 inclus. En cas d'urgence uniquement, contacter le standard au 0442 840 754 afin que votre message soit transmis au Directeur du Pôle Travail Adapté. Merci de votre compréhension. Marie-Hélène REYNAUD Assistante Commerciale LA CHRYSALIDE POLE TRAVAIL ADAPTE ZI St Mître 50 av Braye de Cau 13400 AUBAGNE Tél : 04 42 84 89 07 Fax : 04 42 84 89 08 mh.reyn...@chrysam.net
Re: Re: Re: Re: Re: Re: Re: Re: utf-8 - punycode for ServerName|Alias?
Bonjour, Je suis absente du 27 juillet au 19 août 2012 inclus. En cas d'urgence uniquement, contacter le standard au 0442 840 754 afin que votre message soit transmis au Directeur du Pôle Travail Adapté. Merci de votre compréhension. Marie-Hélène REYNAUD Assistante Commerciale LA CHRYSALIDE POLE TRAVAIL ADAPTE ZI St Mître 50 av Braye de Cau 13400 AUBAGNE Tél : 04 42 84 89 07 Fax : 04 42 84 89 08 mh.reyn...@chrysam.net
Re: Re: Re: Re: Re: Re: Re: Re: Re: utf-8 - punycode for ServerName|Alias?
Bonjour, Je suis absente du 27 juillet au 19 août 2012 inclus. En cas d'urgence uniquement, contacter le standard au 0442 840 754 afin que votre message soit transmis au Directeur du Pôle Travail Adapté. Merci de votre compréhension. Marie-Hélène REYNAUD Assistante Commerciale LA CHRYSALIDE POLE TRAVAIL ADAPTE ZI St Mître 50 av Braye de Cau 13400 AUBAGNE Tél : 04 42 84 89 07 Fax : 04 42 84 89 08 mh.reyn...@chrysam.net
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: utf-8 - punycode for ServerName|Alias?
Bonjour, Je suis absente du 27 juillet au 19 août 2012 inclus. En cas d'urgence uniquement, contacter le standard au 0442 840 754 afin que votre message soit transmis au Directeur du Pôle Travail Adapté. Merci de votre compréhension. Marie-Hélène REYNAUD Assistante Commerciale LA CHRYSALIDE POLE TRAVAIL ADAPTE ZI St Mître 50 av Braye de Cau 13400 AUBAGNE Tél : 04 42 84 89 07 Fax : 04 42 84 89 08 mh.reyn...@chrysam.net
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: utf-8 - punycode for ServerName|Alias?
Bonjour, Je suis absente du 27 juillet au 19 août 2012 inclus. En cas d'urgence uniquement, contacter le standard au 0442 840 754 afin que votre message soit transmis au Directeur du Pôle Travail Adapté. Merci de votre compréhension. Marie-Hélène REYNAUD Assistante Commerciale LA CHRYSALIDE POLE TRAVAIL ADAPTE ZI St Mître 50 av Braye de Cau 13400 AUBAGNE Tél : 04 42 84 89 07 Fax : 04 42 84 89 08 mh.reyn...@chrysam.net
Re: utf-8 - punycode for ServerName|Alias?
On 7/30/2012 3:11 PM, Tim Bannister wrote: On 30 Jul 2012, at 23:00, William A. Rowe Jr. wrote: Exactly my point. If you configure a utf-8 hostname, we know in fact it is a punycode encoding of that value, which is why I believe it makes sense to represent both when you test the vhost configs with -D DUMP_VHOSTS. If you configure a punycode hostname, it will be accepted with no hassle. There is no such thing as an actual utf-8 or extended ASCII (8 bit) hostname. At the moment I have configuration (not working, but “ready” anyway :-) for the same virtual host in UTF-8 and punycode variants. I could easily set one of them to differ from the other. How will the new httpd handle this kind of situation? I think what I'd expect is a warning and then for one of them to take precedence and the other to be ignored. I expect we would follow the same duplicate detection logic we currently employ against ServerName/ServerAlias.
Re: utf-8 - punycode for ServerName|Alias?
On 4/7/2012 2:59 AM, Tim Bannister wrote: On 7 Apr 2012, at 07:33, William A. Rowe Jr. wrote: So we have live registrars, no longer experimental, who are now registering domains in punycode. Make of it what you will. Do we want to recognize non-ASCII strings in the ServerName|Alias directives as utf-8 - punycode encodings? Internally, from the time the servername field is assigned, it can be an ascii mapping. I think this is more important for mass virtual hosting (VirtualDocumentRoot from mod_vhost_alias, etc). Users would create a document root directory named, eg, テスト.example and expect it to work. They don't know anything about Unicode, let alone punycode. I reckon a lot of users would work out quickly that only Roman characters work in domain names, but they aren't going to be able to work out how to rename that folder into the correct punycode nor to tell the folders apart if renamed in this way. As a user: I already have a configuration file with a UTF-8 ServerAlias defined, that's just waiting for httpd to implement this feature … and until then, I have the punycoded version in there as well. I've spent a bit more time on this. The obvious issue of ambiguious domain registrations is being handled on a registrar-by-registrar basis, and you can get a nice summary of the punycode entries accepted by various registrars here; http://www.mozilla.org/projects/security/tld-idn-policy-list.html In thinking about what punycode is dangerous to represent, I can't come up with any within the context of httpd. 1. User VirtualHost ServerName/ServerAlias entries, or mod_vhost_alias entries. These are controlled by the administrator, not affected by the remote client. Provided that client provided non-ASCII domains are refused, then punycode can be represented as UTF-8 in our access and error logs, server config directives and so forth when referring to the locally configured domain names. We should always present these in things like mod_info and httpd -D DUMP_VHOSTS as name(punyname) to help the administrator to untangle any confusion. 2. Location: headers and automated self-url references should must present the punycode url in href= and other header fields, but may present the utf-8 in the presentation context such as error pages or autoindexes, etc. Whatever the W3C has to say about this in HTML5 is irrelevant if we don't know whether the user agent supports utf-8 - punycode transliteration. What is less clear is what precautions we should take when functioning as a forward proxy with proxy uri string contents, or presenting user-provided, non-canonicalized host names. I can imagine such translation being abused to conceal some forms of XSS exploitation. I'd start by assembling a patch to introduce punycode transliteration into the apr-util library and another patch into httpd for vhost, mass-vhosting using utf-8 path names, and presenting trusted utf-8 values for our error log and field tokens. Does anyone have concerns before I begin messing with this logic?
Re: utf-8 - punycode for ServerName|Alias?
Am 30.07.2012 22:54, schrieb William A. Rowe Jr.: What is less clear is what precautions we should take when functioning as a forward proxy with proxy uri string contents, or presenting user-provided, non-canonicalized host names. I can imagine such translation being abused to conceal some forms of XSS exploitation. I'd start by assembling a patch to introduce punycode transliteration into the apr-util library and another patch into httpd for vhost, mass-vhosting using utf-8 path names, and presenting trusted utf-8 values for our error log and field tokens. Does anyone have concerns before I begin messing with this logic? the idn-code has nothing to search in server-configs they are not in DNS, they are not in mail-servers all on the server level is working with punny-codes and this is good how it is signature.asc Description: OpenPGP digital signature
Re: utf-8 - punycode for ServerName|Alias?
On 7/30/2012 2:47 PM, Reindl Harald wrote: Am 30.07.2012 22:54, schrieb William A. Rowe Jr.: What is less clear is what precautions we should take when functioning as a forward proxy with proxy uri string contents, or presenting user-provided, non-canonicalized host names. I can imagine such translation being abused to conceal some forms of XSS exploitation. I'd start by assembling a patch to introduce punycode transliteration into the apr-util library and another patch into httpd for vhost, mass-vhosting using utf-8 path names, and presenting trusted utf-8 values for our error log and field tokens. Does anyone have concerns before I begin messing with this logic? the idn-code has nothing to search in server-configs they are not in DNS, they are not in mail-servers all on the server level is working with punny-codes and this is good how it is Exactly my point. If you configure a utf-8 hostname, we know in fact it is a punycode encoding of that value, which is why I believe it makes sense to represent both when you test the vhost configs with -D DUMP_VHOSTS. If you configure a punycode hostname, it will be accepted with no hassle. There is no such thing as an actual utf-8 or extended ASCII (8 bit) hostname. For adding the feature to mod_vhost_alias, I absolutely would not do that without adding a flag (or a %-escape modifier) to determine whether we are looking at the punycode host (default) or utf-8 representation (configurable). If there are a significant number of folks who enjoy reading punycode, I have no problem making the access and error log representations in original punycode representation, and for non-canonical hostname behavior, I believe that would be for the best.
Re: utf-8 - punycode for ServerName|Alias?
On 30 Jul 2012, at 23:00, William A. Rowe Jr. wrote: Exactly my point. If you configure a utf-8 hostname, we know in fact it is a punycode encoding of that value, which is why I believe it makes sense to represent both when you test the vhost configs with -D DUMP_VHOSTS. If you configure a punycode hostname, it will be accepted with no hassle. There is no such thing as an actual utf-8 or extended ASCII (8 bit) hostname. At the moment I have configuration (not working, but “ready” anyway :-) for the same virtual host in UTF-8 and punycode variants. I could easily set one of them to differ from the other. How will the new httpd handle this kind of situation? I think what I'd expect is a warning and then for one of them to take precedence and the other to be ignored. -- Tim Bannister – is...@jellybaby.net smime.p7s Description: S/MIME cryptographic signature
Re: utf-8 - punycode for ServerName|Alias?
Am 07.04.2012 08:33, schrieb William A. Rowe Jr.: So we have live registrars, no longer experimental, who are now registering domains in punycode. Make of it what you will. Do we want to recognize non-ASCII strings in the ServerName|Alias directives as utf-8 - punycode encodings? Internally, from the time the servername field is assigned, it can be an ascii mapping. All thoughts appreciated, particularly references to fresh specs, implementation guidance and compatible clients. serverconfigs - punnycode dns in background - punnycode self written backends - input UTF8, transparent translation while generating serverconfigs and translate back for display nothing other happens if you make nslookup würmlach.at there is no ü in any configuration nor in EPP/DRI nor in any postfix/dbmail/dovecot configuration [harry@srv-rhsoft:~]$ nslookup würmlach.at ns1.thelounge.net Server: ns1.thelounge.net Address:85.124.176.242#53 Name: würmlach.at Address: 91.118.73.6 signature.asc Description: OpenPGP digital signature
Re: utf-8 - punycode for ServerName|Alias?
T Sent from my BlackBerry® smartphone -Original Message- From: Reindl Harald h.rei...@thelounge.net Date: Sat, 07 Apr 2012 11:00:16 To: dev@httpd.apache.org Reply-To: dev@httpd.apache.org Subject: Re: utf-8 - punycode for ServerName|Alias? Am 07.04.2012 08:33, schrieb William A. Rowe Jr.: So we have live registrars, no longer experimental, who are now registering domains in punycode. Make of it what you will. Do we want to recognize non-ASCII strings in the ServerName|Alias directives as utf-8 - punycode encodings? Internally, from the time the servername field is assigned, it can be an ascii mapping. All thoughts appreciated, particularly references to fresh specs, implementation guidance and compatible clients. serverconfigs - punnycode dns in background - punnycode self written backends - input UTF8, transparent translation while generating serverconfigs and translate back for display nothing other happens if you make nslookup würmlach.at there is no ü in any configuration nor in EPP/DRI nor in any postfix/dbmail/dovecot configuration [harry@srv-rhsoft:~]$ nslookup würmlach.at ns1.thelounge.net Server: ns1.thelounge.net Address:85.124.176.242#53 Name: würmlach.at Address: 91.118.73.6
Re: utf-8 - punycode for ServerName|Alias?
On 7 Apr 2012, at 07:33, William A. Rowe Jr. wrote: So we have live registrars, no longer experimental, who are now registering domains in punycode. Make of it what you will. Do we want to recognize non-ASCII strings in the ServerName|Alias directives as utf-8 - punycode encodings? Internally, from the time the servername field is assigned, it can be an ascii mapping. I think this is more important for mass virtual hosting (VirtualDocumentRoot from mod_vhost_alias, etc). Users would create a document root directory named, eg, テスト.example and expect it to work. They don't know anything about Unicode, let alone punycode. I reckon a lot of users would work out quickly that only Roman characters work in domain names, but they aren't going to be able to work out how to rename that folder into the correct punycode nor to tell the folders apart if renamed in this way. As a user: I already have a configuration file with a UTF-8 ServerAlias defined, that's just waiting for httpd to implement this feature … and until then, I have the punycoded version in there as well. -- Tim Bannister – is...@jellybaby.net smime.p7s Description: S/MIME cryptographic signature