ocaml-dns

Punycode features?

Open dsheets opened this issue 10 years ago • 4 comments

It's frightening but it does exist. :-(

See https://tools.ietf.org/html/rfc3492 and https://tools.ietf.org/html/rfc5891.

This might want to be a codec lib that we depend on in some future utopia.

dsheets avatar Mar 30 '15 14:03 dsheets

Some lib (not yet packaged, needs mli and tests) appeared: https://github.com/cfcs/ocaml-punycode

hannesm avatar Sep 27 '16 03:09 hannesm

@hannesm @cfcs is this in scope for integration now that we use domain-names here?

avsm avatar May 09 '19 15:05 avsm

It should not need any changes to dns itself (OK, maybe to the client code), but instead some transformation before passing the request to the internet via the above-linked punycode library.

hannesm avatar May 09 '19 20:05 hannesm

The library now has tests and docstrings, and I think it should work pretty well now; at least I haven't been able to find misbehaviour.

Due to phishing and so on I'm a little bit concerned about transparently encoding Punycode names from Unicode strings, see: https://github.com/cfcs/ocaml-punycode/issues/6

I'm not 100% up to date on what countermeasures browsers deploy to prevent stuff like this, but I think a common one is to complain if the Unicode string contains characters from mixed Unicode character planes, i.e. all-Cyrillic or all-Latin is fine, but mixed Cyrillic and Latin is rejected. The Wikipedia article referenced in the issue has some more details.

cfcs avatar May 09 '19 22:05 cfcs
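
The flow discussed in this thread (transform each label to Punycode before it reaches the resolver, but refuse labels that mix scripts) can be sketched as follows. This is an added example, not code from the thread, ocaml-dns or ocaml-punycode; it is written in Python because its standard library ships an RFC 3492 codec, and the function names and sample names are hypothetical.

```python
import unicodedata


def label_scripts(label: str) -> set[str]:
    """Approximate the set of scripts used by the letters of one label.

    Assumption: the first word of a character's Unicode name ("LATIN",
    "CYRILLIC", "GREEK", ...) stands in for the Script property, which the
    standard library does not expose. Digits and '-' are not letters and
    are ignored, so they never make a label "mixed".
    """
    return {
        unicodedata.name(ch, "UNKNOWN").split()[0]
        for ch in label
        if unicodedata.category(ch).startswith("L")
    }


def encode_label(label: str) -> str:
    """Return the ASCII form of one label, rejecting mixed-script input."""
    # Simplification: lower-casing stands in for the full IDNA mapping step.
    label = label.lower()
    if label.isascii():
        return label  # nothing to encode
    scripts = label_scripts(label)
    if len(scripts) > 1:
        raise ValueError(f"mixed scripts {sorted(scripts)} in label {label!r}")
    # RFC 3492 encoding plus the ACE prefix used in DNS.
    return "xn--" + label.encode("punycode").decode("ascii")


def encode_name(name: str) -> str:
    """Encode a dotted name label by label before handing it to a resolver."""
    return ".".join(encode_label(part) for part in name.split("."))


if __name__ == "__main__":
    # Constructed sample names; the last one hides U+0430 (Cyrillic a)
    # among Latin letters.
    for sample in ("bücher.example", "пример.example", "p\u0430ypal.example"):
        try:
            print(f"{sample!r} -> {encode_name(sample)}")
        except ValueError as err:
            print(f"{sample!r} rejected: {err}")
```

A label written entirely in one script still passes, so an all-Cyrillic lookalike of a Latin name is encoded without complaint. Names that legitimately combine scripts (for example Japanese labels using both kana and Han characters) are rejected by this simple rule.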