- From: Henri Sivonen <notifications@github.com>
- Date: Mon, 04 Mar 2024 03:37:49 -0800
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/url/issues/824/1976384708@github.com>
Given that ASCII labels have O(n) behavior and non-ASCII labels have O(n^2) behavior, I think it's not good for an _implementation_ to take the position that a) the length of ASCII labels is unconstrained and b) ASCII and non-ASCII labels have the same length (non-)requirements. It follows that either the specs give precise interoperable constraints or implementations make something up under https://infra.spec.whatwg.org/#algorithm-limits as ICU4C has done (or risk denial of service). It’s a bit unclear to me what the foreseeable space of naming systems is. #397 points to NetBIOS, but, AFAICT, the way the URL Standard’s "forbidden domain code point" does not appear to arise directly from [NetBIOS](https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/naming-conventions-for-computer-domain-site-ou). In any case, NetBIOS seems to be limited to 15 ASCII characters, so the limit is a) irrelevant to non-ASCII labels and b) more constraining on length than DNS’s length constraint. `.onion` naming uses an ASCII label before the `onion` label, so the concern of allowing longer cryptographic material in `.onion` naming is relevant to setting `VerifyDNSLength` to `false` but not relevant to what length constraints might be appropriate for Unicode labels. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/url/issues/824#issuecomment-1976384708 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/url/issues/824/1976384708@github.com>
Received on Monday, 4 March 2024 11:37:54 UTC