> I think that is good to require that IDNs be compatible with DNSSEC. actually, now that I think about it, this is probably too narrow a requirement. it presumes that IDNs are going to be implemented using the DNS protocol, which at this point I think is premature. DNSSEC is more complicated than necessary due to the need to accomodate existing DNS RRs with no modification to their format. if we had the necessity of writing a different protocol for IDNs, the equivalent of DNSSEC would be a lot simpler. IMHO, The requirement should be that IDNs have authentication and integrity assurance which is at least as good as DNSSEC. Keith
