Re: [Freeipa-devel] Internationalized domain names in freeIPA
On Thu, 07 Nov 2013, Martin Basti wrote: On Tue, 2013-11-05 at 18:04 +0100, Petr Viktorin wrote: On 11/05/2013 05:53 PM, John Dennis wrote: On 11/05/2013 11:13 AM, Martin Basti wrote: Hi list, I'm working on ticket: https://fedorahosted.org/freeipa/ticket/3169 UTF-8 DNS names will be converted to punycode ASCII string and stored But there is a question, how to show DNS names to user (in UI or dnsrecord-show/find): * show them in punycode * convert them to UTF-8 and show * both ways * add options to show them in UTF-8 I'll be thankful for your opinion. We have a rule that all strings use UCS and that UCS be interchanged by encoding UCS text in UTF-8. Therefore it seems to me the only time punycode should ever exist is when it's necessary to encode/decode punycode for dns operations. Since punycode is a standard Python codec this should be trivial, you just need to determine where you do the encode/decode (perhaps also validating user input can be successfully encoded). In LDAP the values need to be in punycode, so bind-dyndb-ldap can process them. IMO all layers above that -- API, CLI, WebUI -- should use Unicode, except with the `--raw` flag. Thanks for your opinions. I will do that as Petr wrote. After discussing ticket #4020 (ipasam changes for iDNS), please make sure realmdomains are always written *without* punycode. realmdomains are just an attribute with UTF8, it is not used by named so it will not affect DNS driver. However, keeping realmdomains values in UTF8 will help us by not requiring any modification to ipasam module. -- Martin^2 Basti ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Internationalized domain names in freeIPA
On 11/07/2013 02:14 PM, Martin Kosek wrote: On 11/07/2013 01:59 PM, Petr Viktorin wrote: On 11/05/2013 06:08 PM, John Dennis wrote: On 11/05/2013 12:04 PM, Petr Viktorin wrote: On 11/05/2013 05:53 PM, John Dennis wrote: On 11/05/2013 11:13 AM, Martin Basti wrote: Hi list, I'm working on ticket: https://fedorahosted.org/freeipa/ticket/3169 UTF-8 DNS names will be converted to punycode ASCII string and stored But there is a question, how to show DNS names to user (in UI or dnsrecord-show/find): * show them in punycode * convert them to UTF-8 and show * both ways * add options to show them in UTF-8 I'll be thankful for your opinion. We have a rule that all strings use UCS and that UCS be interchanged by encoding UCS text in UTF-8. Therefore it seems to me the only time punycode should ever exist is when it's necessary to encode/decode punycode for dns operations. Since punycode is a standard Python codec this should be trivial, you just need to determine where you do the encode/decode (perhaps also validating user input can be successfully encoded). In LDAP the values need to be in punycode, so bind-dyndb-ldap can process them. This suggests the LDAP type conversion is the right location for encode/decode. IMO all layers above that -- API, CLI, WebUI -- should use Unicode, except with the `--raw` flag. The reason for this is that UTF-8 isn't as canonical a represenation of Punicode as, say, a DN object for DNs or a bool for boolean values. Admins might reasonably want to see the raw value. Also, these values end up in DNs; I fear converting them at the LDAP wrapper level could open a can of worms. Do we have resources to give this the testing it needs? I think converting them in the DNS plugin is the way to go. Just to clarify the terms here: DNS plugin === dns.py plugin in FreeIPA, not bind-dyndb-ldap. dns.py; sorry for the confusion. -- Petr³ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Internationalized domain names in freeIPA
On Tue, 2013-11-05 at 18:04 +0100, Petr Viktorin wrote: On 11/05/2013 05:53 PM, John Dennis wrote: On 11/05/2013 11:13 AM, Martin Basti wrote: Hi list, I'm working on ticket: https://fedorahosted.org/freeipa/ticket/3169 UTF-8 DNS names will be converted to punycode ASCII string and stored But there is a question, how to show DNS names to user (in UI or dnsrecord-show/find): * show them in punycode * convert them to UTF-8 and show * both ways * add options to show them in UTF-8 I'll be thankful for your opinion. We have a rule that all strings use UCS and that UCS be interchanged by encoding UCS text in UTF-8. Therefore it seems to me the only time punycode should ever exist is when it's necessary to encode/decode punycode for dns operations. Since punycode is a standard Python codec this should be trivial, you just need to determine where you do the encode/decode (perhaps also validating user input can be successfully encoded). In LDAP the values need to be in punycode, so bind-dyndb-ldap can process them. IMO all layers above that -- API, CLI, WebUI -- should use Unicode, except with the `--raw` flag. Thanks for your opinions. I will do that as Petr wrote. -- Martin^2 Basti ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Internationalized domain names in freeIPA
On 11/05/2013 06:08 PM, John Dennis wrote: On 11/05/2013 12:04 PM, Petr Viktorin wrote: On 11/05/2013 05:53 PM, John Dennis wrote: On 11/05/2013 11:13 AM, Martin Basti wrote: Hi list, I'm working on ticket: https://fedorahosted.org/freeipa/ticket/3169 UTF-8 DNS names will be converted to punycode ASCII string and stored But there is a question, how to show DNS names to user (in UI or dnsrecord-show/find): * show them in punycode * convert them to UTF-8 and show * both ways * add options to show them in UTF-8 I'll be thankful for your opinion. We have a rule that all strings use UCS and that UCS be interchanged by encoding UCS text in UTF-8. Therefore it seems to me the only time punycode should ever exist is when it's necessary to encode/decode punycode for dns operations. Since punycode is a standard Python codec this should be trivial, you just need to determine where you do the encode/decode (perhaps also validating user input can be successfully encoded). In LDAP the values need to be in punycode, so bind-dyndb-ldap can process them. This suggests the LDAP type conversion is the right location for encode/decode. IMO all layers above that -- API, CLI, WebUI -- should use Unicode, except with the `--raw` flag. The reason for this is that UTF-8 isn't as canonical a represenation of Punicode as, say, a DN object for DNs or a bool for boolean values. Admins might reasonably want to see the raw value. Also, these values end up in DNs; I fear converting them at the LDAP wrapper level could open a can of worms. Do we have resources to give this the testing it needs? I think converting them in the DNS plugin is the way to go. -- Petr³ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Internationalized domain names in freeIPA
On 11/07/2013 01:59 PM, Petr Viktorin wrote: On 11/05/2013 06:08 PM, John Dennis wrote: On 11/05/2013 12:04 PM, Petr Viktorin wrote: On 11/05/2013 05:53 PM, John Dennis wrote: On 11/05/2013 11:13 AM, Martin Basti wrote: Hi list, I'm working on ticket: https://fedorahosted.org/freeipa/ticket/3169 UTF-8 DNS names will be converted to punycode ASCII string and stored But there is a question, how to show DNS names to user (in UI or dnsrecord-show/find): * show them in punycode * convert them to UTF-8 and show * both ways * add options to show them in UTF-8 I'll be thankful for your opinion. We have a rule that all strings use UCS and that UCS be interchanged by encoding UCS text in UTF-8. Therefore it seems to me the only time punycode should ever exist is when it's necessary to encode/decode punycode for dns operations. Since punycode is a standard Python codec this should be trivial, you just need to determine where you do the encode/decode (perhaps also validating user input can be successfully encoded). In LDAP the values need to be in punycode, so bind-dyndb-ldap can process them. This suggests the LDAP type conversion is the right location for encode/decode. IMO all layers above that -- API, CLI, WebUI -- should use Unicode, except with the `--raw` flag. The reason for this is that UTF-8 isn't as canonical a represenation of Punicode as, say, a DN object for DNs or a bool for boolean values. Admins might reasonably want to see the raw value. Also, these values end up in DNs; I fear converting them at the LDAP wrapper level could open a can of worms. Do we have resources to give this the testing it needs? I think converting them in the DNS plugin is the way to go. Just to clarify the terms here: DNS plugin === dns.py plugin in FreeIPA, not bind-dyndb-ldap. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Internationalized domain names in freeIPA
On 11/05/2013 11:13 AM, Martin Basti wrote: Hi list, I'm working on ticket: https://fedorahosted.org/freeipa/ticket/3169 UTF-8 DNS names will be converted to punycode ASCII string and stored But there is a question, how to show DNS names to user (in UI or dnsrecord-show/find): * show them in punycode * convert them to UTF-8 and show * both ways * add options to show them in UTF-8 I'll be thankful for your opinion. We have a rule that all strings use UCS and that UCS be interchanged by encoding UCS text in UTF-8. Therefore it seems to me the only time punycode should ever exist is when it's necessary to encode/decode punycode for dns operations. Since punycode is a standard Python codec this should be trivial, you just need to determine where you do the encode/decode (perhaps also validating user input can be successfully encoded). -- John ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Internationalized domain names in freeIPA
On 11/05/2013 05:53 PM, John Dennis wrote: On 11/05/2013 11:13 AM, Martin Basti wrote: Hi list, I'm working on ticket: https://fedorahosted.org/freeipa/ticket/3169 UTF-8 DNS names will be converted to punycode ASCII string and stored But there is a question, how to show DNS names to user (in UI or dnsrecord-show/find): * show them in punycode * convert them to UTF-8 and show * both ways * add options to show them in UTF-8 I'll be thankful for your opinion. We have a rule that all strings use UCS and that UCS be interchanged by encoding UCS text in UTF-8. Therefore it seems to me the only time punycode should ever exist is when it's necessary to encode/decode punycode for dns operations. Since punycode is a standard Python codec this should be trivial, you just need to determine where you do the encode/decode (perhaps also validating user input can be successfully encoded). In LDAP the values need to be in punycode, so bind-dyndb-ldap can process them. IMO all layers above that -- API, CLI, WebUI -- should use Unicode, except with the `--raw` flag. -- Petr³ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel