Mark Welter wrote:
> There is no need to decode an ACE to prohibit characters, or in
> fact arbitrary strings. You have to keep clearly in mind that the
> "registration" process controls what can resolve.
Marc Blanchet <[EMAIL PROTECTED]> replied:
> sorry, the "registration" process only controls 2nd level labels. It
> doesn't control 3nd, 4th, levels of labels.
True. I don't know about Mark, but I'm not proposing to do the
prohibition only at registration time (though it should probably be done
there too).
Before an IDN can be put into a DNS response, it must have been
transformed into ACE. This transformation might happen inside an
IDN-aware name server when it loads the zone file, or might happen
earlier when a separate preprocessor generates a zone file that already
contains ACEs (for use by an IDN-unaware name server). I'm proposing
that whatever server-side software performs the transformation into ACE
should, at the same time, check for prohibited names.
Perhaps Mark's "registration" in quotes was intended to be a shorthand
for this transformation step.
If names are prohibited on the server side, then they need not (and
should not) be prohibited on the client side.
AMC
