"Adam M. Costello" wrote:
>
> David Hopwood <[EMAIL PROTECTED]> wrote:
>
> > An ACE label means a type 00 domain label that consists of the ACE tag
> > and an output of the ACE encoding algorithm.
>
> Not quite. The simplest fully-precise definition is: An ACE label is a
> label that gets altered when ToUnicode is applied to it.

In terms of the specific context of domain names embedded in data streams, wouldn't the simplest definition be: any label that begins with the ACE prefix?

This definition doesn't care if the label is provided in application data or in a DNS message or anything else, but it clearly delineates the label as an ACE encoded label and also contributes to clearly marking the hostile case of ACE labels that only contain ASCII.

The question of hostile case came up earlier. The problem scenario is having an app decode and display the name, but where DNS does not. This allows for a hostile party to provide a link to www.zz--amazon.com which decodes for display as www.amazon.com on the compliant browser, but where DNS is sending the victim party to www.zz--amazon.com.

The obvious method for preventing this is to forbid delegations with the prefix. But not all cases are isolated to public delegations, so all encoding/decoding systems must reject them equally if the protection is to exist globally.

As a point of reference, my draft went so far (too far?) as to prohibit DNS errors from being returned with these names.

--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
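
The rejection rule discussed in the message above, sketched as an added example that is not part of the original post or of any draft it mentions. It assumes the message's placeholder prefix `zz--` and uses Punycode as a stand-in for the ACE encoding algorithm, which the message does not specify; under Punycode the ASCII-only encoding of "amazon" is `amazon-`, so the constructed hostile label is `zz--amazon-`. The function names are hypothetical.

```python
# Added example. Assumptions: "zz--" is the placeholder prefix from the
# message, and Punycode stands in for the unspecified ACE algorithm.
ACE_PREFIX = "zz--"


def classify_label(label, prefix=ACE_PREFIX):
    """Return (verdict, display_text) for one domain label.

    "plain"  : label does not begin with the ACE prefix
    "ace"    : prefix plus a canonical payload that decodes to non-ASCII
    "reject" : prefix present, but the payload is malformed, non-canonical,
               or decodes to ASCII only (the hostile case)
    """
    if not label.lower().startswith(prefix):
        return "plain", label
    payload = label[len(prefix):].lower()
    try:
        decoded = payload.encode("ascii").decode("punycode")
        canonical = decoded.encode("punycode").decode("ascii")
    except UnicodeError:
        return "reject", label
    if not decoded or decoded.isascii() or canonical != payload:
        return "reject", label
    return "ace", decoded


def display_name(hostname, prefix=ACE_PREFIX):
    """Decode a dotted name for display; refuse it if any label is rejected."""
    shown = []
    for label in hostname.split("."):
        verdict, text = classify_label(label, prefix)
        if verdict == "reject":
            raise ValueError(f"refusing ACE-prefixed label {label!r}")
        shown.append(text)
    return ".".join(shown)


if __name__ == "__main__":
    # Constructed sample names, not taken from real traffic.
    samples = ("www.example.com", "www.zz--bcher-kva.com", "www.zz--amazon-.com")
    for name in samples:
        try:
            print(name, "->", display_name(name))
        except ValueError as err:
            print(name, "->", err)
```

Refusing the whole name, rather than falling back to showing the raw label, keeps the displayed name and the name sent to DNS from diverging.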
