> comments are welcome. thanks.

There are, in my opinion, two problems with the DNAME method that affect the application layer that are rarely mentioned. Perhaps this is because I am wrong about them and they are not real problems, so feedback would be useful.

1. "Host:" headers

If a registry (or other parent zone) unilaterally adds DNAME records that alias a new IDN label to a current ccTLD style ASCII label, application servers which are only configured to accept requests for the ASCII form of the label will reject requests made using the IDN form.

i.e. if your Apache server is configured with:

    ServerName www.cnnic.cn

it will reject requests for www.cnnic.中国 unless the appropriate ServerAlias is also configured.

2. SSL Subject Names

Similarly an SSL request for the IDN version of a domain name will fail unless the SSL certificate also includes a "Subject Alternate Name" for the IDN version.

Whilst the same problems can also occur with the NS method, I believe that the risk for confusion is much reduced if the creation of each IDN label is controlled by the domain owner, and not done automatically by the parent. The domain owner can then make the choice for themselves whether to support both IDNs and ASCII labels, and configure their web servers etc appropriately.

kind regards,

Ray

--
Ray Bellis, MA(Oxon) MIET
Senior Researcher in Advanced Projects, Nominet
e: r...@nominet.org.uk, t: +44 1865 332211
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
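
An added example, not part of the message above: a small audit that checks whether an Apache virtual host and a certificate's SAN list cover both the ASCII name and the IDN alias from the message. The function names, the sample vhost text and the SAN lists are constructed for illustration; wildcard `ServerAlias` patterns are not handled.

```python
import re

def to_alabel(host):
    """Lower-case A-label (Punycode) form, as a client sends it in Host:/SNI."""
    return host.rstrip(".").encode("idna").decode("ascii").lower()

def vhost_names(conf):
    """ServerName/ServerAlias values from an Apache vhost snippet, as A-labels."""
    names = set()
    for line in conf.splitlines():
        m = re.match(r"\s*(?:ServerName|ServerAlias)\s+(.+)", line, re.I)
        if m:
            names.update(to_alabel(n) for n in m.group(1).split())
    return names

def san_covers(host, san):
    """Exact match, or '*' standing for the whole left-most label only."""
    h, s = host.split("."), san.lower().split(".")
    return len(h) == len(s) and s[0] in ("*", h[0]) and h[1:] == s[1:]

def audit(hosts, conf, sans):
    """For each name users may type, report vhost and certificate coverage."""
    configured = vhost_names(conf)
    report = {}
    for host in hosts:
        a = to_alabel(host)
        report[host] = {
            "a_label": a,
            "vhost": a in configured,  # wildcard ServerAlias not handled here
            "cert": any(san_covers(a, san) for san in sans),
        }
    return report

# Constructed sample data: the ASCII-only setup from the message, then a fixed one.
NAMES = ["www.cnnic.cn", "www.cnnic.中国"]
CONF_ASCII_ONLY = "<VirtualHost *:443>\n    ServerName www.cnnic.cn\n</VirtualHost>"
SANS_ASCII_ONLY = ["www.cnnic.cn"]
CONF_BOTH = CONF_ASCII_ONLY.replace(
    "</VirtualHost>", "    ServerAlias www.cnnic.xn--fiqs8s\n</VirtualHost>")
SANS_BOTH = SANS_ASCII_ONLY + ["www.cnnic.xn--fiqs8s"]

if __name__ == "__main__":
    for label, conf, sans in (("ASCII only", CONF_ASCII_ONLY, SANS_ASCII_ONLY),
                              ("both forms", CONF_BOTH, SANS_BOTH)):
        for host, result in audit(NAMES, conf, sans).items():
            print(label, host, result)
```

Running the audit against every name a parent-zone DNAME makes resolvable shows which aliases reach the server without a matching virtual host or certificate name.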