"." is a valid domain name, however both the IDNA2003 and IDNA2008 parsers treat it as an empty label error.
Ideally the toUnicode routines should pass it unchanged and the toASCII ones should map all separators to ".", otherwise client libraries will need to special case it. Example where this causes issues for a DNSSEC library on Android: https://issuetracker.google.com/issues/113070416
I have a working patch for this for both IDNA2003 and IDNA2008 which I'll link once I have the issue ID. However the current IdnaTestV2.txt file for IDNA2008[1] has entries which expect root domain inputs to return errors, so accepting my patch will make implementations which test against that file non-conformant.
Also, so far I have only changed icu4j but I'm happy to create a patch for icu4c once we have a consensus.
Activity
Show:
Markus Scherer February 21, 2019 at 6:54 PM
Closing this because AFAICT ICU does what it should.
If you have new information, please reopen with details.
Markus Scherer February 20, 2019 at 12:27 AM
(IDNA2003 is obsolete, so I am ignoring it for now.)
If VerifyDnsLength flag is true, then verify DNS length restrictions. This may record an error. For more information, see [STD13] and [STD3].
The length of the domain name, excluding the root label and its dot, is from 1 to 253.
The length of each label is from 1 to 63.
With a domain name like ".", the length, excluding the root label and its dot, is 0. And the length of the label to the left of the dot is 0. Therefore, setting the EMPTY_LABEL error seems correct.
Note that the code does not throw an exception. It sets error flags that can be individually ignored if the caller does not care about one or more of the errors.
What spec makes you think that "." should not cause an error to be set?
"." is a valid domain name, however both the IDNA2003 and IDNA2008 parsers treat it as an empty label error.
Ideally the toUnicode routines should pass it unchanged and the toASCII ones should map all separators to ".", otherwise client libraries will need to special case it. Example where this causes issues for a DNSSEC library on Android: https://issuetracker.google.com/issues/113070416
I have a working patch for this for both IDNA2003 and IDNA2008 which I'll link once I have the issue ID. However the current IdnaTestV2.txt file for IDNA2008[1] has entries which expect root domain inputs to return errors, so accepting my patch will make implementations which test against that file non-conformant.
Also, so far I have only changed icu4j but I'm happy to create a patch for icu4c once we have a consensus.