Rob Crittenden wrote:
Alexander Bokovoy wrote:
On Tue, 13 Sep 2011, Jan Cholasta wrote:
What about IDN hosts? With this change we would require them to be
always in Punycode?

Oh, hadn't considered that, I was just following the relevent RFCs. Is
there a way we can easily support those as well?

The easiest way would probably be:

normalizer=lambda value: unicode(value.encode('idna'))
That's one part. Another one is visualizing such content -- for both
Web UI and CLI we would need to run encodings.idna.ToUnicode().
Finally, make sure whatever we pass to external applications is
properly formatted as well -- all of them should be able to work with
xn-<Punycode> form.

The UI also links the DNS hostname to the host entries so I'd think the
names must be matchable in some way. If DNS can only store punycode
names I think the regex will be fine.

I think we're going to need a bit more time to get this right. What I propose for the short term is to encode in puny code, do the validation, and reject as required. We still store in full unicode.

Note that special characters may not work that will now but validating characters won't make it any worse.


Freeipa-devel mailing list

Reply via email to